US6275934B1 - Authentication for information exchange over a communication network - Google Patents

Authentication for information exchange over a communication network Download PDF

Info

Publication number
US6275934B1
US6275934B1 US09/173,970 US17397098A US6275934B1 US 6275934 B1 US6275934 B1 US 6275934B1 US 17397098 A US17397098 A US 17397098A US 6275934 B1 US6275934 B1 US 6275934B1
Authority
US
United States
Prior art keywords
guest
key
host
authenticating
authenticating server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/173,970
Inventor
Aleksey Novicov
John Michael Rivlin
Garth Conboy
James Sachs
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Soft Book Press Inc
Adeia Technologies Inc
Original Assignee
Soft Book Press Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Soft Book Press Inc filed Critical Soft Book Press Inc
Priority to US09/173,970 priority Critical patent/US6275934B1/en
Assigned to SOFTBOOK PRESS, INC. reassignment SOFTBOOK PRESS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CONBOY, GARTH, NOVICOV, ALEKSEY, RIVLIN, JOHN MICHAEL, SACHS, JAMES
Priority to PCT/US1999/023398 priority patent/WO2000024175A1/en
Priority to AU11042/00A priority patent/AU1104200A/en
Assigned to STARSIGHT TELECAST, INC. reassignment STARSIGHT TELECAST, INC. SECURITY AGREEMENT Assignors: SOFTBOOK PRESS, INC.
Application granted granted Critical
Publication of US6275934B1 publication Critical patent/US6275934B1/en
Assigned to GEMSTAR EBOOK GROUP LIMITED reassignment GEMSTAR EBOOK GROUP LIMITED MERGER AND CHANGE OF NAME Assignors: NUVOMEDIA, INC. (AGREEMENT AND APPROVAL OF MERGER BETWEEN GEMSTAR EBOOK GROUP AND NUVOMEDIA, INC.), SOFTBOOK PRESS, INC.(CHANGE OF NAME TO GEMSTAR EBOOK GROUP LIMITED)
Assigned to ROVI TECHNOLOGIES CORPORATION reassignment ROVI TECHNOLOGIES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NETWORKS EBOOK LLC
Assigned to NETWORKS EBOOK LLC reassignment NETWORKS EBOOK LLC MERGER (SEE DOCUMENT FOR DETAILS). Assignors: GEMSTAR EBOOK GROUP LIMITED
Assigned to JPMORGAN CHASE BANK, N.A. reassignment JPMORGAN CHASE BANK, N.A. SECURITY AGREEMENT Assignors: ROVI TECHNOLOGIES CORPORATION
Assigned to ODS PROPERTIES, INC., UNITED VIDEO PROPERTIES, INC., GEMSTAR DEVELOPMENT CORPORATION, STARSIGHT TELECAST, INC., INDEX SYSTEMS INC., ALL MEDIA GUIDE, LLC, APTIV DIGITAL, INC., TV GUIDE ONLINE, LLC, TV GUIDE, INC., ROVI TECHNOLOGIES CORPORATION, ROVI DATA SOLUTIONS, INC. (FORMERLY KNOWN AS TV GUIDE DATA SOLUTIONS, INC.), ROVI GUIDES, INC. (FORMERLY KNOWN AS GEMSTAR-TV GUIDE INTERNATIONAL, INC.), ROVI SOLUTIONS CORPORATION (FORMERLY KNOWN AS MACROVISION CORPORATION), ROVI SOLUTIONS LIMITED (FORMERLY KNOWN AS MACROVISION EUROPE LIMITED) reassignment ODS PROPERTIES, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION)
Assigned to SOFTBOOK PRESS, INC. reassignment SOFTBOOK PRESS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: STARSIGHT TELECAST, INC.
Assigned to ROVI TECHNOLOGIES CORPORATION reassignment ROVI TECHNOLOGIES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NETWORKS EBOOK LLC
Assigned to MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT reassignment MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: APTIV DIGITAL, INC., GEMSTAR DEVELOPMENT CORPORATION, INDEX SYSTEMS INC., ROVI GUIDES, INC., ROVI SOLUTIONS CORPORATION, ROVI TECHNOLOGIES CORPORATION, SONIC SOLUTIONS LLC, STARSIGHT TELECAST, INC., UNITED VIDEO PROPERTIES, INC., VEVEO, INC.
Assigned to UNITED VIDEO PROPERTIES, INC., GEMSTAR DEVELOPMENT CORPORATION, STARSIGHT TELECAST, INC., INDEX SYSTEMS INC., TV GUIDE INTERNATIONAL, INC., ALL MEDIA GUIDE, LLC, APTIV DIGITAL, INC., ROVI CORPORATION, ROVI TECHNOLOGIES CORPORATION, ROVI SOLUTIONS CORPORATION, ROVI GUIDES, INC. reassignment UNITED VIDEO PROPERTIES, INC. PATENT RELEASE Assignors: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT
Anticipated expiration legal-status Critical
Assigned to ROVI SOLUTIONS CORPORATION, APTIV DIGITAL INC., ROVI TECHNOLOGIES CORPORATION, VEVEO, INC., SONIC SOLUTIONS LLC, INDEX SYSTEMS INC., ROVI GUIDES, INC., GEMSTAR DEVELOPMENT CORPORATION, STARSIGHT TELECAST, INC., UNITED VIDEO PROPERTIES, INC. reassignment ROVI SOLUTIONS CORPORATION RELEASE OF SECURITY INTEREST IN PATENT RIGHTS Assignors: MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Definitions

  • This invention relates to computer security.
  • the invention relates to authentication for information exchange.
  • a major problem in electronic commerce is security. Consumers want to securely access remote sites on the Internet without disclosing their identities or activities. Business entities want to keep their transactions secret from others to increase consumers's trust and to protect their own business information and trade secrets.
  • the key aspects of communication security include confidentiality and information integrity. An individual user wants to be assured that he or she is dealing with a trusted business entity to keep his or her activities private. A business entity also wants to be assured that it is conducting business with a genuine customer and not some impostor. The process to ensure that the two parties who are doing business with each other are two true and genuine parties is called authentication.
  • a simple way to authenticate a party is to use a user identification code and a password. Although the use of a user ID and a password is sufficient for simple transactions, they are inadequate for more complex commercial transactions. When a user ID or a password is transmitted in the clear over a communication network, there is a high possibility that the information can be intercepted by illegal users.
  • the present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network.
  • the host has a host key and the guest has a guest key.
  • An authenticating server authenticates the guest.
  • the authenticating server uses the host key and the guest key.
  • the guest authenticates the authenticating server using the guest key.
  • the host authenticates the guest and the authenticating server using the host key.
  • FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced.
  • FIG. 2 is a diagram illustrating an authentication procedure according to one embodiment of the invention.
  • FIG. 3A is a flowchart illustrating a process to perform the first three steps in the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • FIG. 3B is a flowchart illustrating a process to perform the fourth step in the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • FIG. 3C is a flowchart illustrating a process to perform the last two steps of the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • FIG. 4 is a flowchart illustrating a process to perform a ROM update according to one embodiment of the invention.
  • FIG. 5 is a diagram illustrating the use of extended anchor tags to approve a sales transaction according to one embodiment of the invention.
  • FIG. 6 is a diagram illustrating the use of a SECURE attribute for information submission according to one embodiment of the invention.
  • FIG. 7 is a diagram illustrating a key encryption format according to one embodiment of the invention.
  • the present invention is a method and apparatus for authenticating parties in an information exchange over a communication network.
  • the method uses an authentication server as an intermediary between a host and a guest.
  • the entire authentication procedure involves a number of authenticating processes between the three communicating entities.
  • Each party sends encrypted information using a secret key.
  • the encrypted information is decrypted by the recipient and the decrypted information is matched with a predetermined code.
  • the authentication is successful when there is a match between the decrypted information and the predetermined code.
  • FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced.
  • the system 100 comprises: (a) at least one portable electronic book 10 operative to request a digital content from a catalog of distinct digital contents, to receive and display the requested digital content in readable form; (b) an information services system 20 which includes an authentication server 32 for authenticating the identity of the requesting portable electronic book 10 and a copyright protection server 22 for rendering the requested digital content sent to the requesting portable electronic book 10 readable only by the requesting portable electronic book 10 ; (c) at least one primary virtual bookstore 40 in electrical communication with the information services system 20 , the primary virtual bookstore being a computer-based storefront accessible by the portable electronic book and including the catalog of distinct digital contents; (d) a repository 50 , in electrical communication with the primary virtual bookstore 40 , for storing the distinct digital contents listed in the catalog; and (e) an authentication server 32 for authenticating the electronic book users or a bookstore in an information exchange with a host.
  • an authentication server 32 for authenticating the electronic book users or a bookstore in an information exchange with a host.
  • the system 100 preferably includes more than one portable electronic book 10 , to be commercially viable. This is illustrated in FIG. 1 by including the portable electronic books 12 and 14 .
  • the system also preferably includes more than one primary virtual bookstore 40 , each serving a different set of customers, each customer owning a portable electronic book.
  • the system 100 further comprises a secondary virtual bookstore 60 in electrical communication with the information services system 20 .
  • the information services system 20 also includes a directory of virtual bookstores 26 in order to provide the portable electronic book 10 with access to the secondary virtual bookstore 60 and its catalog of digital contents.
  • the information services system 20 also includes a registration server 24 for keeping track of the portable electronic books that are considered active accounts in the system and for ensuring that each portable electronic book is associated with a primary virtual bookstore in the system.
  • the information services system 20 preferably comprises a centralized bookshelf 30 associated with each portable electronic book 10 in the system.
  • Each centralized bookshelf 30 contains all digital contents requested and owned by the associated portable electronic book 10 .
  • Each portable electronic book 10 user can permanently delete any of the owned digital contents from the associated centralized bookshelf 30 . Since the centralized bookshelf 30 contains all the digital contents owned by the associated portable electronic book 10 , these digital contents may have originated from different virtual bookstores.
  • the centralized bookshelf 30 is a storage extension for the portable electronic book 10 . Such storage extension is needed since the portable electronic book 10 has limited non-volatile memory capacity.
  • the user of the portable electronic book 10 can add marks, such as bookmarks, inking, highlighting and underlining, and annotations on a digital content displayed on the screen of the portable electronic book, then stores this marked digital content in the non-volatile memory of the electronic book 10 .
  • the user can also upload this marked digital content to the information services system 20 to store it in the centralized bookshelf 30 associated with the portable electronic book 10 , for later retrieval. It is noted that there is no need to upload any unmarked digital content, since it was already stored in the centralized bookshelf 30 at the time it was first requested by the portable electronic book 10 .
  • the information services system 20 further includes an Internet Services Provider (ISP) 34 for providing Internet network access to each portable electronic book in the system.
  • ISP Internet Services Provider
  • FIG. 1 further illustrates that the electronic book 10 interacts with the authenticating server 32 and the primary virtual bookstore 40 for authentication of information exchange.
  • the electronic book 10 is a guest and the primary virtual bookstore is a host.
  • the authentication is carried out over the communication network provided by the ISP 34 .
  • ISP 34 the communication network provided by the ISP 34 .
  • FIG. 2 is a diagram illustrating an authentication procedure 200 according to one embodiment of the invention.
  • the authentication procedure 200 involves a guest 210 , a host 220 , an authentication server 32 , an initial request path 241 , an initial host response path 242 , a guest message path 243 , an authentication server response path 244 A, a authentication server error path 244 B, a guest ticket path 245 A, a guest error path 245 B, an authentication completed path 246 A, and a host error path 256 B.
  • the guest 210 represents the party who initiates the information exchange.
  • the host 220 represents the party who responds to the access request by the guest 210 .
  • an electronic book accesses a bookstore, the personal library, or the registration server (FIG. 1 )
  • the electronic book is the guest and the bookstore, the library, or the registration server is the host.
  • the bookstore accesses the personal library
  • the bookstore is the guest and the library is the host.
  • the authentication server 32 is an intermediary agent or entity acting on behalf of the host 220 to authenticate the guest 210 .
  • the authentication procedure 200 uses a symmetric key encryption algorithm to generate a session key that is used during the session.
  • the guest 210 keeps a secret key that is known only to the guest 210 and the authentication server 32 .
  • the secret key is programmed into the electronic book during the manufacturing process.
  • the secret key is created by the bookstore manager or provided by the information service.
  • the initial request path 241 goes from the guest 210 to the host 220 .
  • the initial request path 241 corresponds to the first step (Step 1) in the authentication procedure and is established when the guest 210 initiates the request for a session to the host 220 .
  • the guest 210 sends a GET request to the host together with any additional parameters normally required by the host 220 .
  • the initial host response path 242 goes from the host 220 to the guest 210 .
  • the initial host response path 242 corresponds to the second step (Step 2) in the authentication procedure and is established when the host 220 responds to the initial request from the guest 210 via the initial request path 241 .
  • the host 220 responds with the new URL pointing to the authentication server 32 and appends HOST_ID and HOST_URL parameters to the query string.
  • the guest message path 243 goes from the guest 210 to the authentication server 32 .
  • the guest 210 creates a MESSAGE and append a number of parameters.
  • the MESSAGE includes 64 ASCII hexadecimal characters and is formed by two parts. The first part is the represented by the expression GKEY(SKEY, TIME), and the second part is represented by the expression TKEY(GID,CID).
  • the GKEY(SKEY, TIME) includes 32 ASCII hexadecimal characters and is formed by encrypting an SKEY and a TIME.
  • the SKEY is an 8-byte random number generated by the guest 210 .
  • TIME is a 4-byte number representing the current time in seconds based on an epoch of 1/1/1904 (4 bytes).
  • the SKEY and TIME are encrypted using the guest key (GKEY).
  • the TKEY(GID, 0 ) includes 32 ASCII hexadecimal characters and is formed by encrypting a GID and a CID.
  • the GID is a 12-character guest ID (e.g., the electronic book ID or the bookstore ID).
  • the CID is a 4-byte customer ID.
  • the GID and CID are encrypted together using a temporary key (TKEY).
  • the TKEY is formed by the first eight bytes of the MD5 digest of a data key (DKEY).
  • the DKEY is formed by the first eight bytes of the MD5 digest of the SKEY.
  • the appended parameters include other pertinent information such as HOST_ID, HOST_URL, GUEST_ID, DEVICE_TYPE, and VERSION.
  • the HOST_ID is the host identification represented by ASCII number.
  • the HOST_URL is the encoded URL to return to the host.
  • the GUEST_ID is the electronic book serial number or the bookstore ID.
  • the DEVICE_TYPE is the guest type (e.g., electronic book or bookstore).
  • the VERSION is the protocol version number.
  • the authentication server response path 244 A goes from the authentication server 32 to the guest 210 .
  • the authentication server response path 244 A corresponds to the fourth step (Step 4) in the authentication procedure and is established when the authentication server 32 responds to the MESSAGE sent by the guest 210 via the guest message path 243 .
  • the authenticating server 32 looks up the secret key for the given device type and decrypts the MESSAGE. If the decrypted GID matches the GUEST_ID sent in the appended parameters in the clear as part of the URL, the guest 210 is authenticated and the authentication server response path 244 A is established. If the decrypted GID does not match the GUEST_ID, the authentication server error path 244 B is established which is described later.
  • the time portion of the authentication is checked. If it is within a reasonable tolerance (e.g., within the predetermined time range), the authentication server 32 returns an URL redirection to the host, an encrypted RESPONSE cookie, and appends a number of parameters to be described later. If the time portion is outside a reasonable tolerance, the authenticating server 32 responds with an URL redirection to itself specifying two cookies to allow the guest 210 the opportunity to reset its clock properly.
  • the appended parameters include GUEST_ID, DEVICE_TYPE, VERSION, CUSTOMER_ID, FIRST_NAME, MIDDLE_NAME, LAST_NAME, COMPANY, STREET1, STREET2, CITY, STATE, COUNTRY, ZIP, and PRIMARY.
  • the GUEST_ID is the electronic book serial number or the bookstore ID.
  • the DEVICE_TYPE is the guest type (e.g., electronic book or bookstore).
  • the VERSION is the protocol version number.
  • the CUSTOMER_ID is a numeric string representing the electronic book customer identification number.
  • the FIRST_NAME, MIDDLE_NAME, and LAST_NAME represent the name of the customer and is retrieved from the registration database.
  • the COMPANY is the customer's affiliation and is retrieved from the registration database.
  • the STREET1, STREET2, CITY, STATE, COUNTRY, ZIP represent the customer's address and are retrieved from the registration database.
  • the PRIMARY is a flag or indicator (e.g., TRUE or FALSE) to indicate if the bookstore is a primary bookstore or a secondary bookstore.
  • the RESPONSE includes a 64 ASCII hexadecimal characters which are converted from an encrypted code using the TKEY represented by the expression TKEY(HKEY(SKEY, TIME), TKEY(GID, CID)).
  • HKEY is the host key.
  • the authentication server error path 244 B goes from the authentication server 32 to an error facility.
  • the authentication server path 244 B is established when the decrypted GID does not match the GUEST_ID sent in the appended parameters in the clear as part of the URL.
  • the authentication server 32 returns an HTML that displays an error message.
  • An example of such an error message is: “Your electronic book may be defective. Please try again in a few minutes, or contact the manufacturer at the phone number listed in your product manual”.
  • the guest ticket path 245 A goes from the guest 210 to the host 220 .
  • the guest ticket path 245 A corresponds to the fifth step (Step 5) in the authentication procedure and is established when the guest 210 responds to the RESPONSE from the authenticating server 32 sent by the authentication server 32 via the authenticating server response path 244 A.
  • the guest 210 decrypts the RESPONSE cookie to verify if the authenticating server 32 is in fact genuine by matching the decrypted GID with its own serial number or its own ID. If the authentication server is deemed to be genuine, the 32 byte (or 64 ASCII hexadecimal characters) RESPONSE is decrypted using the TKEY, which is derived from the SKEY. The guest 210 then generates a TICKET which is a 64 ASCII hexadecimal character string converted from the 32-byte RESPONSE. The TICKET is appended to the parameter list of the URL and the redirection to the host 220 is completed. The parameter list includes the same parameters sent via the authentication server response path 244 A.
  • the guest error path 245 B goes from the guest 210 to an error processing facility.
  • the guest error path 245 B corresponds to the fifth step (Step 5) in the authentication procedure and is established when the decrypted GID does not match with the guest own serial number or its own ID.
  • the authentication completed path 246 A goes from the host 220 to the guest 210 .
  • the authentication completed path 246 A corresponds to the sixth step (Step 6) in the authentication procedure and is established when the host 220 responds to the TICKET sent from the guest 210 via the guest ticket path 245 A.
  • the host 220 decrypts the TICKET received from the guest 210 via the guest ticket path 245 A. If the decrypted GID matches the GUEST)ID sent in the clear, the authentication server 32 and the guest 210 are deemed genuine and the authentication procedure is completed.
  • the host error path 256 B goes from the host to an error processing facility.
  • the host error path 246 B corresponds to the sixth step (Step 6) in the authentication procedure and is established when the decrypted GID does not match the GUEST_ID sent in the clear. If this occurs, either the authentication server 32 is not trusted or the guest 210 is not trusted.
  • the host 220 then redirects the GET back to the authentication server 32 to the unauthorized page to process the error. If the guest 210 is a new user and the host 220 does not accept guest access, the host 220 can redirect the GET back to the authentication server 32 to the unauthorized page to process the error
  • FIG. 3A is a flowchart illustrating a process 300 A to perform the first three steps in the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • the process 300 A corresponds to steps 1, 2, and 3 in the authentication procedure.
  • the process 300 A Upon START, the process 300 A performs step 1.
  • the guest sends an initial request to the host (Block 310 ).
  • Step 1 is completed.
  • the process 300 A performs step 3 at the connector B.
  • the guest creates a MESSAGE based on the expression GKEY(SKEY, TIME), TKEY(GID, CID) (Block 330 ). Then the guest appends parameters on redirection: HOST_ID, HOST_URL, GUEST_ID, DEVICE_TYPE, and VERSION (Block 332 ). Then the guest sends MESSAGE and the appended parameters to the authentication server (Block 334 ). Step 3 is completed, concluding the process 300 A at the connector A.
  • FIG. 3B is a flowchart illustrating a process 300 B to perform the fourth step in the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • the process 300 B corresponds to step 4 in the authentication procedure.
  • the process 300 B starts step 4 at the connector A.
  • the authentication server looks up the secret key for the device type received from the guest and decrypts the message (Block 340 ). Then the process 300 B determines if the guest ID exist in the database (Block 341 ). If not, the authentication server returns an error message and disconnects the connection (Block 343 ) and is then terminated. If the guest ID exists in the database, the authentication server determines if the decrypted GID match the GUEST_ID parameter received in the clear (Block 342 ). If not, the authentication server returns an error message and disconnects the connection (Block 343 ) and is then terminated.
  • the authentication server responds to the guest with “object moved” and points new URL to the original host (Block 345 ). Then the authentication server appends the list of parameters: guest ID, device type, version, customer ID, name, affiliation, address, primary flag (Block 347 ). Next, the authentication server creates a response based on the expression TKEY(HKEY(SKEY, TIME), TKEY(GID, CID)) (Block 349 ). The process 300 B concludes step 4 and proceeds to connector C.
  • FIG. 3C is a flowchart illustrating a process 300 C to perform the last two steps of the authentication procedure in FIG. 2 according to one embodiment of the invention.
  • the process 300 C corresponds to steps 5 and 6 in the authentication procedure.
  • the process 300 C starts step 5 at the connector C.
  • the guest decrypts the response from the authentication server (Block 350 ). Then the guest determines if the decrypted GID match the guest's own serial number (block 352 ). If not, the guest returns an error message and disconnects (Block 354 ). The process 300 C is then terminated. If the decrypted GID match the guest's own serial number, the guest creates the ticket by decrypting the response and converting it back. The guest then appends the list of parameters: guest ID, device type, version, customer ID, name, affiliation, address, primary flag (Block 356 ). Then the guest redirects the ticket and the appended parameters to the original host (Block 359 ). Step 5 is completed.
  • the process 300 C starts step 6 where the host receives the ticket and parameters from the guest.
  • the host decrypts the encrypted ticket (Block 360 ). Then the host determines if the decrypted GID match the guest ID sent in the clear (Block 362 ). If not, the host redirects the session to the unauthorized page with a NOT_TRUSTED parameter (Block 364 ) and the authentication procedure is terminated. If there is a match, the host determines if the guest is denied access (Block 366 ). If yes, the host redirects the session to an unauthorized page with an ACCESS DENIED parameter (Block 368 ) and the authentication procedure is terminated. If the guest access is not denied, the guest is deemed genuine and the authentication procedure is completed.
  • the host If the host cannot trust the response from the guest or Authentication server, it redirects the session to the unauthorized page with the “why” parameter set to “ELECTRONIC_BOOK_NOT_TRUSTED”.
  • the process 300 C is then terminated.
  • ROM programmable read only memory
  • FIG. 4 is a flowchart illustrating a process to perform a ROM update according to one embodiment of the invention.
  • the process 400 Upon START, the process 400 notifies the authentication server of the ROM version in the electronic book (Block 410 ). Then the process 400 determines if the ROM requires an update (Block 420 ). If not, the process 400 is terminated. If the ROM requires an update, the authentication server responds with an “object moved” to the ROM update page (Block 430 ). Then the process 400 determines if the user wants the update (Block 440 ). If no, the process 400 is terminated. If yes, the process 400 downloads the ROM update to the electronic book (Block 450 ). The process 400 is then terminated.
  • FIG. 5 is a diagram illustrating the use of extended anchor tags to approve a sales transaction according to one embodiment of the invention.
  • Extended anchor tags are used to approve an order or sales transaction.
  • the example shown in FIG. 5 illustrates the form of the extended anchor tags used an HTML document.
  • TYPE secure.
  • a random number that has been encrypted with the electronic book secret key is appended to the target URL. This serves as an order ID. This attribute option is only recognized in a secure HTML page.
  • SHOWSLIP If specified, the status slip is displayed when the page is rendered. This attribute is only recognized in a secure HTML page.
  • PROMPT “text”. If specified, this text is rendered in the status slip. Ignored if SHOWSLIP not specified.
  • YESBUTTON “name”.
  • the name for the button in the status slip (default to “Yes”) which if tapped by the user, follows the link specified by HREF. Ignored if SHOWSLIP not specified.
  • NOBUTTON “name”.
  • the name for the button in the status slip (default to “No”) which if tapped by the user, follows the link specified by NOHREF. Ignored if SHOWSLIP not specified.
  • NOHREF “URL”. If a link for NOHREF is specified, that link will be followed if the NOBUTTON is tapped. If NOHREF is not specified, and the NOBUTTON is tapped, the slip is dismissed.
  • Tapping “Yes” is equivalent to tapping on the anchor tag.
  • the order ID is a 32-bit random number generated by the electronic book.
  • the secure status slip shown above is modal. Tapping outside of the status slip does nothing. The status slip also can not be put away by tapping the “lock” icon.
  • FIG. 6 is a diagram illustrating the use of a SECURE attribute for information submission according to one embodiment of the invention.
  • a new SECURE attribute has been added to the ⁇ FORM tag. If this attribute is present, all form data is encrypted with the data key before being submitted to the server. Note that only the parameter data is encrypted, and not the parameter names.
  • the resultant URL would look something like:
  • FIG. 7 is a diagram illustrating a key encryption format according to one embodiment of the invention.
  • the encryption format includes 32 bytes and is applicable for the MESSAGE, RESPONSE, and TICKET character strings.
  • Bytes 0-5 correspond to the session key SKEY[ 0 : 6 ].
  • Bytes 6-9 correspond to TIME[ 0 : 3 ] where bytes 6-7 correspond to the most significant bytes and bytes 8-9 correspond to the least significant bytes.
  • Bytes 10-11 correspond to SKEY[ 7 : 8 ].
  • Bytes 12-15 corresponds to the random number RANDOM.
  • Bytes 16-23 correspond to the guest ID, GID[ 0 : 7 ].
  • Bytes 24-27 correspond to the guest ID, GID[ 8 : 11 ].
  • Bytes 28-31 correspond to customer ID, CID[ 0 : 3 ].
  • the present invention provides a simple and efficient technique to authenticate an information exchange between a host and a guest on a network.
  • the technique uses an authenticating server which shares a host key with the host and a guest key with the guest.
  • the authentication is performed by encrypting and decrypting messages sent between two parties using the shared keys.
  • the technique is reliable and efficient.

Abstract

The present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network. The host has a host key and the guest has a guest key. An authenticating server authenticates the guest. The authenticating server uses the host key and the guest key. The guest authenticates the authenticating server using the guest key. The host authenticates the guest and the authenticating server using the host key.

Description

BACKGROUND
1. Field of the Invention
This invention relates to computer security. In particular, the invention relates to authentication for information exchange.
2. Description of Related Art
The rapid growth of computer and communication technologies has facilitated business transactions in a number of ways. One particular area of business transactions in the electronic commerce. Consumers can now conduct commercial transactions with business entities conveniently and efficiently over the communication networks such as the Internet.
A major problem in electronic commerce is security. Consumers want to securely access remote sites on the Internet without disclosing their identities or activities. Business entities want to keep their transactions secret from others to increase consumers's trust and to protect their own business information and trade secrets. The key aspects of communication security include confidentiality and information integrity. An individual user wants to be assured that he or she is dealing with a trusted business entity to keep his or her activities private. A business entity also wants to be assured that it is conducting business with a genuine customer and not some impostor. The process to ensure that the two parties who are doing business with each other are two true and genuine parties is called authentication.
A simple way to authenticate a party is to use a user identification code and a password. Although the use of a user ID and a password is sufficient for simple transactions, they are inadequate for more complex commercial transactions. When a user ID or a password is transmitted in the clear over a communication network, there is a high possibility that the information can be intercepted by illegal users.
Therefore there is a need in the technology to provide a reliable and efficient method to authenticate parties involved in an information exchange over a communication network.
SUMMARY
The present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network. The host has a host key and the guest has a guest key. An authenticating server authenticates the guest. The authenticating server uses the host key and the guest key. The guest authenticates the authenticating server using the guest key. The host authenticates the guest and the authenticating server using the host key.
BRIEF DESCRIPTION OF THE DRAWINGS
The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:
FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced.
FIG. 2 is a diagram illustrating an authentication procedure according to one embodiment of the invention.
FIG. 3A is a flowchart illustrating a process to perform the first three steps in the authentication procedure in FIG. 2 according to one embodiment of the invention.
FIG. 3B is a flowchart illustrating a process to perform the fourth step in the authentication procedure in FIG. 2 according to one embodiment of the invention.
FIG. 3C is a flowchart illustrating a process to perform the last two steps of the authentication procedure in FIG. 2 according to one embodiment of the invention.
FIG. 4 is a flowchart illustrating a process to perform a ROM update according to one embodiment of the invention.
FIG. 5 is a diagram illustrating the use of extended anchor tags to approve a sales transaction according to one embodiment of the invention.
FIG. 6 is a diagram illustrating the use of a SECURE attribute for information submission according to one embodiment of the invention.
FIG. 7 is a diagram illustrating a key encryption format according to one embodiment of the invention.
DESCRIPTION
The present invention is a method and apparatus for authenticating parties in an information exchange over a communication network. The method uses an authentication server as an intermediary between a host and a guest. The entire authentication procedure involves a number of authenticating processes between the three communicating entities. Each party sends encrypted information using a secret key. The encrypted information is decrypted by the recipient and the decrypted information is matched with a predetermined code. The authentication is successful when there is a match between the decrypted information and the predetermined code.
In the following description, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that these specific details are not required in order to practice the present invention. In other instances, well-known electrical structures and circuits are shown in block diagram form in order not to obscure the present invention.
FIG. 1 is a diagram illustrating a system in which one embodiment of the invention can be practiced.
Referring to FIG. 1, the system 100 comprises: (a) at least one portable electronic book 10 operative to request a digital content from a catalog of distinct digital contents, to receive and display the requested digital content in readable form; (b) an information services system 20 which includes an authentication server 32 for authenticating the identity of the requesting portable electronic book 10 and a copyright protection server 22 for rendering the requested digital content sent to the requesting portable electronic book 10 readable only by the requesting portable electronic book 10; (c) at least one primary virtual bookstore 40 in electrical communication with the information services system 20, the primary virtual bookstore being a computer-based storefront accessible by the portable electronic book and including the catalog of distinct digital contents; (d) a repository 50, in electrical communication with the primary virtual bookstore 40, for storing the distinct digital contents listed in the catalog; and (e) an authentication server 32 for authenticating the electronic book users or a bookstore in an information exchange with a host.
The system 100 preferably includes more than one portable electronic book 10, to be commercially viable. This is illustrated in FIG. 1 by including the portable electronic books 12 and 14. The system also preferably includes more than one primary virtual bookstore 40, each serving a different set of customers, each customer owning a portable electronic book.
In one embodiment of the invention, the system 100 further comprises a secondary virtual bookstore 60 in electrical communication with the information services system 20. In this case, the information services system 20 also includes a directory of virtual bookstores 26 in order to provide the portable electronic book 10 with access to the secondary virtual bookstore 60 and its catalog of digital contents.
The information services system 20 also includes a registration server 24 for keeping track of the portable electronic books that are considered active accounts in the system and for ensuring that each portable electronic book is associated with a primary virtual bookstore in the system.
The information services system 20 preferably comprises a centralized bookshelf 30 associated with each portable electronic book 10 in the system. Each centralized bookshelf 30 contains all digital contents requested and owned by the associated portable electronic book 10. Each portable electronic book 10 user can permanently delete any of the owned digital contents from the associated centralized bookshelf 30. Since the centralized bookshelf 30 contains all the digital contents owned by the associated portable electronic book 10, these digital contents may have originated from different virtual bookstores. The centralized bookshelf 30 is a storage extension for the portable electronic book 10. Such storage extension is needed since the portable electronic book 10 has limited non-volatile memory capacity.
The user of the portable electronic book 10 can add marks, such as bookmarks, inking, highlighting and underlining, and annotations on a digital content displayed on the screen of the portable electronic book, then stores this marked digital content in the non-volatile memory of the electronic book 10. The user can also upload this marked digital content to the information services system 20 to store it in the centralized bookshelf 30 associated with the portable electronic book 10, for later retrieval. It is noted that there is no need to upload any unmarked digital content, since it was already stored in the centralized bookshelf 30 at the time it was first requested by the portable electronic book 10.
The information services system 20 further includes an Internet Services Provider (ISP) 34 for providing Internet network access to each portable electronic book in the system.
FIG. 1 further illustrates that the electronic book 10 interacts with the authenticating server 32 and the primary virtual bookstore 40 for authentication of information exchange. In this scenario, the electronic book 10 is a guest and the primary virtual bookstore is a host. The authentication is carried out over the communication network provided by the ISP 34. As will be explained later, other combinations of guest/host are possible.
FIG. 2 is a diagram illustrating an authentication procedure 200 according to one embodiment of the invention.
The authentication procedure 200 involves a guest 210, a host 220, an authentication server 32, an initial request path 241, an initial host response path 242, a guest message path 243, an authentication server response path 244A, a authentication server error path 244B, a guest ticket path 245A, a guest error path 245B, an authentication completed path 246A, and a host error path 256B.
The guest 210 represents the party who initiates the information exchange. The host 220 represents the party who responds to the access request by the guest 210. When an electronic book accesses a bookstore, the personal library, or the registration server (FIG. 1), the electronic book is the guest and the bookstore, the library, or the registration server is the host. When the bookstore accesses the personal library, the bookstore is the guest and the library is the host. As is known by one skilled in the art, other guest/host combinations can be accommodated using the authentication procedure of the present invention. The authentication server 32 is an intermediary agent or entity acting on behalf of the host 220 to authenticate the guest 210.
The authentication procedure 200 uses a symmetric key encryption algorithm to generate a session key that is used during the session. The guest 210 keeps a secret key that is known only to the guest 210 and the authentication server 32. When the guest 210 is the electronic book, the secret key is programmed into the electronic book during the manufacturing process. When the guest 210 is a bookstore, the secret key is created by the bookstore manager or provided by the information service.
The initial request path 241 goes from the guest 210 to the host 220. The initial request path 241 corresponds to the first step (Step 1) in the authentication procedure and is established when the guest 210 initiates the request for a session to the host 220. The guest 210 sends a GET request to the host together with any additional parameters normally required by the host 220.
The initial host response path 242 goes from the host 220 to the guest 210. The initial host response path 242 corresponds to the second step (Step 2) in the authentication procedure and is established when the host 220 responds to the initial request from the guest 210 via the initial request path 241. The host 220 responds with the new URL pointing to the authentication server 32 and appends HOST_ID and HOST_URL parameters to the query string. The host 220 also returns with an AUTHENTICATION=YES cookie to the guest 210 to indicate to the guest 210 the need to generate authentication parameters on the redirection to the authentication server 32.
The guest message path 243 goes from the guest 210 to the authentication server 32. The guest message path 243 corresponds to the third step (Step 3) in the authentication procedure and is established when the guest 210 responds to the AUTHENTICATION=YES cookie returned by the host via the initial host response path 242. The guest 210 creates a MESSAGE and append a number of parameters.
The MESSAGE includes 64 ASCII hexadecimal characters and is formed by two parts. The first part is the represented by the expression GKEY(SKEY, TIME), and the second part is represented by the expression TKEY(GID,CID). The GKEY(SKEY, TIME) includes 32 ASCII hexadecimal characters and is formed by encrypting an SKEY and a TIME. The SKEY is an 8-byte random number generated by the guest 210. TIME is a 4-byte number representing the current time in seconds based on an epoch of 1/1/1904 (4 bytes). The SKEY and TIME are encrypted using the guest key (GKEY). This allows the authentication server 32 to authenticate the guest 210 for a limited time period by accepting time value within a predefined time range. In one embodiment, this predefined time range is 2 hours. The TKEY(GID, 0) includes 32 ASCII hexadecimal characters and is formed by encrypting a GID and a CID. The GID is a 12-character guest ID (e.g., the electronic book ID or the bookstore ID). The CID is a 4-byte customer ID. The GID and CID are encrypted together using a temporary key (TKEY). The TKEY is formed by the first eight bytes of the MD5 digest of a data key (DKEY). The DKEY is formed by the first eight bytes of the MD5 digest of the SKEY.
The appended parameters include other pertinent information such as HOST_ID, HOST_URL, GUEST_ID, DEVICE_TYPE, and VERSION. The HOST_ID is the host identification represented by ASCII number. The HOST_URL is the encoded URL to return to the host. The GUEST_ID is the electronic book serial number or the bookstore ID. The DEVICE_TYPE is the guest type (e.g., electronic book or bookstore). The VERSION is the protocol version number.
The authentication server response path 244A goes from the authentication server 32 to the guest 210. The authentication server response path 244A corresponds to the fourth step (Step 4) in the authentication procedure and is established when the authentication server 32 responds to the MESSAGE sent by the guest 210 via the guest message path 243.
The authenticating server 32 looks up the secret key for the given device type and decrypts the MESSAGE. If the decrypted GID matches the GUEST_ID sent in the appended parameters in the clear as part of the URL, the guest 210 is authenticated and the authentication server response path 244A is established. If the decrypted GID does not match the GUEST_ID, the authentication server error path 244B is established which is described later.
The time portion of the authentication is checked. If it is within a reasonable tolerance (e.g., within the predetermined time range), the authentication server 32 returns an URL redirection to the host, an encrypted RESPONSE cookie, and appends a number of parameters to be described later. If the time portion is outside a reasonable tolerance, the authenticating server 32 responds with an URL redirection to itself specifying two cookies to allow the guest 210 the opportunity to reset its clock properly. The two cookies returned by the authentication server 32 are AUTHENTICATE=YES and TIME=n. The appended parameters include GUEST_ID, DEVICE_TYPE, VERSION, CUSTOMER_ID, FIRST_NAME, MIDDLE_NAME, LAST_NAME, COMPANY, STREET1, STREET2, CITY, STATE, COUNTRY, ZIP, and PRIMARY. The GUEST_ID is the electronic book serial number or the bookstore ID. The DEVICE_TYPE is the guest type (e.g., electronic book or bookstore). The VERSION is the protocol version number. The CUSTOMER_ID is a numeric string representing the electronic book customer identification number. The FIRST_NAME, MIDDLE_NAME, and LAST_NAME represent the name of the customer and is retrieved from the registration database. The COMPANY is the customer's affiliation and is retrieved from the registration database. The STREET1, STREET2, CITY, STATE, COUNTRY, ZIP represent the customer's address and are retrieved from the registration database. The PRIMARY is a flag or indicator (e.g., TRUE or FALSE) to indicate if the bookstore is a primary bookstore or a secondary bookstore.
The RESPONSE includes a 64 ASCII hexadecimal characters which are converted from an encrypted code using the TKEY represented by the expression TKEY(HKEY(SKEY, TIME), TKEY(GID, CID)). HKEY is the host key.
The authentication server error path 244B goes from the authentication server 32 to an error facility. The authentication server path 244B is established when the decrypted GID does not match the GUEST_ID sent in the appended parameters in the clear as part of the URL. The authentication server 32 returns an HTML that displays an error message. An example of such an error message is: “Your electronic book may be defective. Please try again in a few minutes, or contact the manufacturer at the phone number listed in your product manual”.
The guest ticket path 245A goes from the guest 210 to the host 220. The guest ticket path 245A corresponds to the fifth step (Step 5) in the authentication procedure and is established when the guest 210 responds to the RESPONSE from the authenticating server 32 sent by the authentication server 32 via the authenticating server response path 244A.
The guest 210 decrypts the RESPONSE cookie to verify if the authenticating server 32 is in fact genuine by matching the decrypted GID with its own serial number or its own ID. If the authentication server is deemed to be genuine, the 32 byte (or 64 ASCII hexadecimal characters) RESPONSE is decrypted using the TKEY, which is derived from the SKEY. The guest 210 then generates a TICKET which is a 64 ASCII hexadecimal character string converted from the 32-byte RESPONSE. The TICKET is appended to the parameter list of the URL and the redirection to the host 220 is completed. The parameter list includes the same parameters sent via the authentication server response path 244A.
The guest error path 245B goes from the guest 210 to an error processing facility. The guest error path 245B corresponds to the fifth step (Step 5) in the authentication procedure and is established when the decrypted GID does not match with the guest own serial number or its own ID.
The authentication completed path 246A goes from the host 220 to the guest 210. The authentication completed path 246A corresponds to the sixth step (Step 6) in the authentication procedure and is established when the host 220 responds to the TICKET sent from the guest 210 via the guest ticket path 245A.
The host 220 decrypts the TICKET received from the guest 210 via the guest ticket path 245A. If the decrypted GID matches the GUEST)ID sent in the clear, the authentication server 32 and the guest 210 are deemed genuine and the authentication procedure is completed.
The host error path 256B goes from the host to an error processing facility. The host error path 246B corresponds to the sixth step (Step 6) in the authentication procedure and is established when the decrypted GID does not match the GUEST_ID sent in the clear. If this occurs, either the authentication server 32 is not trusted or the guest 210 is not trusted. The host 220 then redirects the GET back to the authentication server 32 to the unauthorized page to process the error. If the guest 210 is a new user and the host 220 does not accept guest access, the host 220 can redirect the GET back to the authentication server 32 to the unauthorized page to process the error
FIG. 3A is a flowchart illustrating a process 300A to perform the first three steps in the authentication procedure in FIG. 2 according to one embodiment of the invention. The process 300A corresponds to steps 1, 2, and 3 in the authentication procedure.
Upon START, the process 300A performs step 1. The guest sends an initial request to the host (Block 310). Step 1 is completed. Then the process 300A performs step 2 by first determining if the host has an active session for the guest at the time (Block 320). If there is an active session signifying that an authentication has been performed, the process 300A is terminated. If not, the host determines if the TICKET parameter is present (Block 322). If the TICKET parameter is present signifying that the host is performing authentication, the process 300A is terminated. If the TICKET parameter is not present, the host responds to the guest request with “object moved” and points new URL to the authentication server (Block 324). Then the host appends the HOST_ID and HOST_URL parameters to the query string (Block 326). Then the host returns the AUTHENTICATE=YES cookie to the guest (Block 328). Step 2 is completed.
The process 300A performs step 3 at the connector B. The guest creates a MESSAGE based on the expression GKEY(SKEY, TIME), TKEY(GID, CID) (Block 330). Then the guest appends parameters on redirection: HOST_ID, HOST_URL, GUEST_ID, DEVICE_TYPE, and VERSION (Block 332). Then the guest sends MESSAGE and the appended parameters to the authentication server (Block 334). Step 3 is completed, concluding the process 300A at the connector A.
FIG. 3B is a flowchart illustrating a process 300B to perform the fourth step in the authentication procedure in FIG. 2 according to one embodiment of the invention. The process 300B corresponds to step 4 in the authentication procedure.
The process 300B starts step 4 at the connector A. The authentication server looks up the secret key for the device type received from the guest and decrypts the message (Block 340). Then the process 300B determines if the guest ID exist in the database (Block 341). If not, the authentication server returns an error message and disconnects the connection (Block 343) and is then terminated. If the guest ID exists in the database, the authentication server determines if the decrypted GID match the GUEST_ID parameter received in the clear (Block 342). If not, the authentication server returns an error message and disconnects the connection (Block 343) and is then terminated. If the decrypted GID matches the GUEST_ID parameter, the authentication server determines if there is a time mismatch (Block 344). If there is a time mismatch, the authentication server responds to the guest with “object moved” and points new URL to itself (Block 346). The authentication server returns two cookies AUTHENTICATION=YES and TIME=n to the guest (Block 348) and then returns to connector B at Block 330 (FIG. 3A).
If there is no time mismatch, the authentication server responds to the guest with “object moved” and points new URL to the original host (Block 345). Then the authentication server appends the list of parameters: guest ID, device type, version, customer ID, name, affiliation, address, primary flag (Block 347). Next, the authentication server creates a response based on the expression TKEY(HKEY(SKEY, TIME), TKEY(GID, CID)) (Block 349). The process 300B concludes step 4 and proceeds to connector C.
FIG. 3C is a flowchart illustrating a process 300C to perform the last two steps of the authentication procedure in FIG. 2 according to one embodiment of the invention. The process 300C corresponds to steps 5 and 6 in the authentication procedure.
The process 300C starts step 5 at the connector C. The guest decrypts the response from the authentication server (Block 350). Then the guest determines if the decrypted GID match the guest's own serial number (block 352). If not, the guest returns an error message and disconnects (Block 354). The process 300C is then terminated. If the decrypted GID match the guest's own serial number, the guest creates the ticket by decrypting the response and converting it back. The guest then appends the list of parameters: guest ID, device type, version, customer ID, name, affiliation, address, primary flag (Block 356). Then the guest redirects the ticket and the appended parameters to the original host (Block 359). Step 5 is completed.
The process 300C starts step 6 where the host receives the ticket and parameters from the guest. The host decrypts the encrypted ticket (Block 360). Then the host determines if the decrypted GID match the guest ID sent in the clear (Block 362). If not, the host redirects the session to the unauthorized page with a NOT_TRUSTED parameter (Block 364) and the authentication procedure is terminated. If there is a match, the host determines if the guest is denied access (Block 366). If yes, the host redirects the session to an unauthorized page with an ACCESS DENIED parameter (Block 368) and the authentication procedure is terminated. If the guest access is not denied, the guest is deemed genuine and the authentication procedure is completed.
If the host cannot trust the response from the guest or Authentication server, it redirects the session to the unauthorized page with the “why” parameter set to “ELECTRONIC_BOOK_NOT_TRUSTED”.
http://authenticate.electronicbook.net/authenticate/unauthorized. asp?
GUEST_ID=deviceID&HOST_ID=storeID&WHY=ELECTRONIC_BOOK_NOT_TRUSTED
If a particular guest is denied access to a host, even though it successfully authenticated, it redirects the session to the unauthorized page with the “WHY” parameter set to “ACCESS_DENIED”.
http://authenticate.bookserver.com/authenticate/unauthorized. asp?
GUEST_ID=deviceID&HOST_ID=storeID&HOST_URL=previousHost & WHY=ACCESS_DENIED
The process 300C is then terminated.
During the authentication process, if it is discovered that the programmable read only memory (ROM) in the electronic book needs to be updated, the user will be asked if ROM updating is desired.
FIG. 4 is a flowchart illustrating a process to perform a ROM update according to one embodiment of the invention.
Upon START, the process 400 notifies the authentication server of the ROM version in the electronic book (Block 410). Then the process 400 determines if the ROM requires an update (Block 420). If not, the process 400 is terminated. If the ROM requires an update, the authentication server responds with an “object moved” to the ROM update page (Block 430). Then the process 400 determines if the user wants the update (Block 440). If no, the process 400 is terminated. If yes, the process 400 downloads the ROM update to the electronic book (Block 450). The process 400 is then terminated.
FIG. 5 is a diagram illustrating the use of extended anchor tags to approve a sales transaction according to one embodiment of the invention.
Extended anchor tags are used to approve an order or sales transaction. The example shown in FIG. 5 illustrates the form of the extended anchor tags used an HTML document.
Optional attributes are contained in brackets, their definitions are as follows:
TYPE=secure. When the anchor is “followed”, either by tap on the hot spot or status slip, a random number that has been encrypted with the electronic book secret key is appended to the target URL. This serves as an order ID. This attribute option is only recognized in a secure HTML page.
SHOWSLIP. If specified, the status slip is displayed when the page is rendered. This attribute is only recognized in a secure HTML page.
PROMPT=“text”. If specified, this text is rendered in the status slip. Ignored if SHOWSLIP not specified.
YESBUTTON=“name”. The name for the button in the status slip (default to “Yes”) which if tapped by the user, follows the link specified by HREF. Ignored if SHOWSLIP not specified.
NOBUTTON=“name”. The name for the button in the status slip (default to “No”) which if tapped by the user, follows the link specified by NOHREF. Ignored if SHOWSLIP not specified.
NOHREF=“URL”. If a link for NOHREF is specified, that link will be followed if the NOBUTTON is tapped. If NOHREF is not specified, and the NOBUTTON is tapped, the slip is dismissed.
The “optional text” in an anchor that specifies SHOWSLIP is rendered normally on the page. If the slip gets dismissed with the NOBUTTON, and no NOHREF has been specified, tapping on the “optional text” hot spot will bring the slip back down.
When the electronic book HTML parser encounters an extended anchor tag, it completes rendering the page and then immediately afterwards drops the status slip, showing an appropriate message.
Tapping “Yes” is equivalent to tapping on the anchor tag. The electronic book knows to respond with an order ID, encrypted with the current data key, inserted immediately after the “=” sign at the end of the HREF link. The order ID is a 32-bit random number generated by the electronic book.
The secure status slip shown above is modal. Tapping outside of the status slip does nothing. The status slip also can not be put away by tapping the “lock” icon.
FIG. 6 is a diagram illustrating the use of a SECURE attribute for information submission according to one embodiment of the invention.
A new SECURE attribute has been added to the <FORM tag. If this attribute is present, all form data is encrypted with the data key before being submitted to the server. Note that only the parameter data is encrypted, and not the parameter names.
The resultant URL would look something like:
. . . /register/detail.asp?Name=A672BF38D909EEC7&Date=FB117 8EEAC6748B7
FIG. 7 is a diagram illustrating a key encryption format according to one embodiment of the invention.
The encryption format includes 32 bytes and is applicable for the MESSAGE, RESPONSE, and TICKET character strings. Bytes 0-5 correspond to the session key SKEY[0:6]. Bytes 6-9 correspond to TIME[0:3] where bytes 6-7 correspond to the most significant bytes and bytes 8-9 correspond to the least significant bytes. Bytes 10-11 correspond to SKEY[7:8]. Bytes 12-15 corresponds to the random number RANDOM. Bytes 16-23 correspond to the guest ID, GID[0:7]. Bytes 24-27 correspond to the guest ID, GID[8:11]. Bytes 28-31 correspond to customer ID, CID[0:3].
The present invention provides a simple and efficient technique to authenticate an information exchange between a host and a guest on a network. The technique uses an authenticating server which shares a host key with the host and a guest key with the guest. The authentication is performed by encrypting and decrypting messages sent between two parties using the shared keys. The technique is reliable and efficient.
While this invention has been described with reference to illustrative embodiments, this description is not intended to be construed in a limiting sense. Various modifications of the illustrative embodiments, as well as other embodiments of the invention, which are apparent to persons skilled in the art to which the invention pertains are deemed to lie within the spirit and scope of the invention.

Claims (20)

What is claimed is:
1. A method for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the method comprising:
(a) authenticating the guest by an authenticating server, the authenticating server using the host key and the guest key;
(b) the guest authenticating the authenticating server using the guest key; and
(c) the host authenticating the guest and the authenticating server using the host key.
2. The method of claim 1 further comprising:
initiating a request by the guest to the host; and
redirecting the guest to connect to the authenticating server in response to the request.
3. The method of claim 1 wherein (a) authenticating the guest comprises:
the guest encrypting a message using a guest key;
the guest appending the encrypted message to a parameter list, the parameter listing including a guest identification and a device type;
the guest sending the encrypted message and the appended parameter list to the authenticating server;
the authenticating server decrypting the encrypted message to obtain a decrypted guest code; and
the authenticating server authenticating the guest if the decrypted guest code matches the appended guest identification.
4. The method of claim 1 wherein (b) the guest authenticating the authenticating server comprises:
the authenticating server encrypting a response using a temporary key, the temporary key being derived from the guest key;
the guest decrypting the encrypted response to obtain a decrypted guest code using the guest key; and
the guest authenticating the authenticating server if the decrypted guest code matches a guest identification.
5. The method of claim 1 wherein (c) the host authenticating the guest and the authenticating server comprises:
the guest converting a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
the guest appending a guest identification to the encrypted ticket;
the host decrypting the encrypted ticket using the host key; and
the host authenticating the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
6. The method of claim 4 wherein the guest encrypting the message comprises:
generating a session key;
appending a time to the session key to produce a first message part;
encrypting the first message part using the guest key;
generating second message part, the second message part including a guest identification and a customer identification; and
encrypting the second message part using the temporary key.
7. The method of claim 6 wherein the temporary key is created by:
generating a data key from a portion of an MD5 digest of the session key; and
creating the temporary key from a portion of an MD5 of the data key.
8. The method of claim 7 wherein the authenticating server decrypting the encrypted message comprises:
obtaining a secret key according to the device type; and
decrypting the encrypted message using the secret key.
9. The method of claim 8 further comprising:
the authenticating server determining if the time is within a predetermined range relative to a current time; and
the authenticating server requesting the guest to re-send the message and the parameter list if the time is not within the predetermined range.
10. The method of claim 6 wherein the authenticating server encrypting the response further comprises:
encrypting the session key and the time using the host key to produce a first response part;
encrypting the guest identification and a customer identification by the temporary key to produce a second response part; and
encrypting the first and second response parts using the temporary key.
11. A system for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the system comprising:
an authenticating server coupled to the guest for authenticating the guest, the authenticating server using the host key and the guest key; and
wherein the guest authenticating the authenticating server using the guest key and the host authenticating the guest and the authenticating server using the host key.
12. The system of claim 11 wherein the guest initiates a request to the host and the host redirects the guest to connect to the authenticating server in response to the request.
13. The system of claim 11 wherein
the guest encrypts a message using a guest key;
the guest appends the encrypted message to a parameter list, the parameter listing including a guest identification and a device type;
the guest sends the encrypted message and the appended parameter list to the authenticating server;
the authenticating server decrypts the encrypted message to obtain a decrypted guest code; and
the authenticating server authenticates the guest if the decrypted guest code matches the appended guest identification.
14. The system of claim 11 wherein:
the authenticating server encrypts a response using a temporary key, the temporary key being derived from the guest key;
the guest decrypts the encrypted response to obtain a decrypted guest code using the guest key; and
the guest authenticates the authenticating server if the decrypted guest code matches a guest identification.
15. The system of claim 11 wherein:
the guest converts a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
the guest appends a guest identification to the encrypted ticket;
the host decrypts the encrypted ticket using the host key; and
the host authenticates the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
16. The system of claim 14 wherein the guest
generates a session key;
appends a time to the session key to produce a first message part;
encrypts the first message part using the guest key;
generates a second message part, the second message part including a guest identification and a customer identification; and
encrypts the second message part using the temporary key.
17. The system of claim 16 wherein the temporary key is created from a portion of an MD5 of a data key, the data key being generated from a portion of an MD5 digest of the session key.
18. The system of claim 17 wherein the authenticating server:
obtains a secret key according to the device type; and
decrypts the encrypted message using the secret key.
19. The system of claim 18 wherein the authenticating server:
determines if the time is within a predetermined range relative to a current time; and
requests the guest to re-send the message and the parameter list if the time is not within the predetermined range.
20. The system of claim 16 wherein the authenticating server:
encrypts the session key and the time using the host key to produce a first response part;
encrypts the guest identification and a customer identification by the temporary key to produce a second response part; and
encrypts the first and second response parts using the temporary key.
US09/173,970 1998-10-16 1998-10-16 Authentication for information exchange over a communication network Expired - Lifetime US6275934B1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US09/173,970 US6275934B1 (en) 1998-10-16 1998-10-16 Authentication for information exchange over a communication network
PCT/US1999/023398 WO2000024175A1 (en) 1998-10-16 1999-10-08 Authentication for information exchange over a communication network
AU11042/00A AU1104200A (en) 1998-10-16 1999-10-08 Authentication for information exchange over a communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/173,970 US6275934B1 (en) 1998-10-16 1998-10-16 Authentication for information exchange over a communication network

Publications (1)

Publication Number Publication Date
US6275934B1 true US6275934B1 (en) 2001-08-14

Family

ID=22634276

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/173,970 Expired - Lifetime US6275934B1 (en) 1998-10-16 1998-10-16 Authentication for information exchange over a communication network

Country Status (3)

Country Link
US (1) US6275934B1 (en)
AU (1) AU1104200A (en)
WO (1) WO2000024175A1 (en)

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010037314A1 (en) * 2000-03-30 2001-11-01 Ishikawa Mark M. System, method and apparatus for authenticating the distribution of data
US20020002540A1 (en) * 2000-06-30 2002-01-03 Microsoft Corporation Method for authenticating and securing integrated bookstore entries
US20020150223A1 (en) * 2000-06-09 2002-10-17 Heinmiller Wayne Robert Method of providing caller identification for calls placed over an internet
US6496931B1 (en) * 1998-12-31 2002-12-17 Lucent Technologies Inc. Anonymous web site user information communication method
US20030018904A1 (en) * 2001-06-14 2003-01-23 Disanto Frank J. Method and system for preventing computer worm dissemination using encryption
US20030110375A1 (en) * 1998-06-04 2003-06-12 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US20030115153A1 (en) * 2001-12-19 2003-06-19 Chen Li Identifier management in message transmission system
US20030120925A1 (en) * 2001-12-21 2003-06-26 Rose Gregory G. Method and apparatus for simplified audio authentication
US20030159050A1 (en) * 2002-02-15 2003-08-21 Alexander Gantman System and method for acoustic two factor authentication
US20040015577A1 (en) * 2000-08-31 2004-01-22 Ulrich Mitreuter Method for protecting an internet supplementary service
WO2004019550A2 (en) * 2002-08-20 2004-03-04 Sony Corporation System and method for authenticating wireless component
US20040107368A1 (en) * 1998-06-04 2004-06-03 Z4 Technologies, Inc. Method for digital rights management including self activating/self authentication software
US20040117628A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
US20040117664A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Apparatus for establishing a connectivity platform for digital rights management
US20040117631A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for digital rights management including user/publisher connectivity interface
US20040117644A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content
US6785825B2 (en) 1998-06-04 2004-08-31 Z4 Technologies, Inc. Method for securing software to decrease software piracy
US20050216582A1 (en) * 2002-07-02 2005-09-29 Toomey Christopher N Seamless cross-site user authentication status detection and automatic login
US20050222953A1 (en) * 1999-12-23 2005-10-06 Checkfree Corporation Accessing information on a network using an extended network universal resource locator
US20050268100A1 (en) * 2002-05-10 2005-12-01 Gasparini Louis A System and method for authenticating entities to users
US7032110B1 (en) 2000-06-30 2006-04-18 Landesk Software Limited PKI-based client/server authentication
US20060174328A1 (en) * 2005-01-28 2006-08-03 Dawson Thomas P De-authentication of network component
US20060195585A1 (en) * 2005-02-25 2006-08-31 Siemens Communications, Inc. Systems and methods for routing a communications link
US20070061472A1 (en) * 2001-12-19 2007-03-15 Chen Li Identifier management in message transmission system
US20080133701A1 (en) * 2001-01-18 2008-06-05 Syed Noman Kazmi Method and system for managing digital content, including streaming media
US20080242405A1 (en) * 2007-03-30 2008-10-02 Microsoft Corporation On-line gaming authentication
US20080288376A1 (en) * 2007-04-27 2008-11-20 Cashedge, Inc. Centralized payment hub method and system
US20090044015A1 (en) * 2002-05-15 2009-02-12 Qualcomm Incorporated System and method for managing sonic token verifiers
US20090055290A1 (en) * 1999-09-22 2009-02-26 Harris Scott C Enhancing Touch and Feel on the Internet
US7509290B1 (en) * 2002-04-16 2009-03-24 Microsoft Corporation Methods and apparatuses for differentiating users in multi-player web-based entertainment environments
US20090319410A1 (en) * 2001-06-28 2009-12-24 Checkfree Corporation Inter-Network Electronic Billing
US20100042538A1 (en) * 2008-08-18 2010-02-18 Sanjeev Dheer Money Movement Network Method
US20110047222A1 (en) * 2009-08-24 2011-02-24 International Business Machines Corporation Retrospective changing of previously sent messages
US8255820B2 (en) 2009-06-09 2012-08-28 Skiff, Llc Electronic paper display device event tracking
US20130091256A1 (en) * 2009-01-26 2013-04-11 Apple Inc. Selection of an appropriate online content source based on program information
US8510219B1 (en) * 1999-03-17 2013-08-13 Edward M. Rose Billing management package for internet access and web page utilization
US8984276B2 (en) * 2012-01-10 2015-03-17 Jpmorgan Chase Bank, N.A. System and method for device registration and authentication
US9026578B2 (en) * 2004-05-14 2015-05-05 Microsoft Corporation Systems and methods for persisting data between web pages
CN105007279A (en) * 2015-08-04 2015-10-28 北京百度网讯科技有限公司 Authentication method and authentication system
US20160021204A1 (en) * 2012-06-11 2016-01-21 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US9305590B2 (en) 2007-10-16 2016-04-05 Seagate Technology Llc Prevent data storage device circuitry swap
US9471910B2 (en) 1999-10-25 2016-10-18 Smartflash, LLC Data storage and access systems
US9582824B2 (en) 1999-09-22 2017-02-28 Scott C. Harris Enhancing touch and feel on the Internet
US9679602B2 (en) 2006-06-14 2017-06-13 Seagate Technology Llc Disc drive circuitry swap
US10334650B2 (en) 2014-01-29 2019-06-25 Yodel Code LLC Automatic peer selection in a field of common peers
US11250169B2 (en) * 2019-05-02 2022-02-15 Bank Of America Corporation System for real-time authenticated obfuscation of electronic data
US20230121782A1 (en) * 2012-02-17 2023-04-20 Ebay Inc. Updating of stored item data via a remote computing system

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040187036A1 (en) * 2002-12-26 2004-09-23 Takashi Nakamura Information providing apparatus, information providing system, service providing apparatus, image forming apparatus, information providing method, service providing method and illegal usage preventing method
WO2006131852A1 (en) * 2005-06-06 2006-12-14 Koninklijke Philips Electronics N.V. Protected wireless network access
KR100739781B1 (en) * 2005-12-27 2007-07-13 삼성전자주식회사 Method and apparatus for transmitting message to each of wireless device groups
JP4966980B2 (en) * 2006-01-31 2012-07-04 パナソニック株式会社 Personal network management method in an environment with multiple carriers
WO2007088638A1 (en) * 2006-01-31 2007-08-09 Matsushita Electric Industrial Co., Ltd. Method for personal network management across multiple operators
CN101325508B (en) * 2007-06-13 2010-07-21 华为技术有限公司 Method and apparatus for implementing individual network management private network business

Citations (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3718906A (en) 1971-06-01 1973-02-27 R Lightner Vending system for remotely accessible stored information
US4159417A (en) 1977-10-28 1979-06-26 Rubincam David P Electronic book
USD276626S (en) 1981-09-14 1984-12-04 Lockwood Lawrence B Combined automatic information terminal and vending machine
US4490810A (en) 1982-02-16 1984-12-25 Hon David C Automated instruction, game and data retrieval system
GB2149544A (en) 1983-11-08 1985-06-12 Standard Telephones Cables Ltd Electronic books for the partially sighted
US4545023A (en) 1980-11-14 1985-10-01 Engineering Project Development Limited Hand-held computer
US4575621A (en) 1984-03-07 1986-03-11 Corpra Research, Inc. Portable electronic transaction device and system therefor
US4591974A (en) 1984-01-31 1986-05-27 Technology Venture Management, Inc. Information recording and retrieval system
US4597058A (en) 1983-05-09 1986-06-24 Romox, Inc. Cartridge programming system
US4601011A (en) 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4649499A (en) 1984-03-07 1987-03-10 Hewlett-Packard Company Touchscreen two-dimensional emulation of three-dimensional objects
WO1987001481A1 (en) 1985-08-30 1987-03-12 Norbert Joseph Stein Electronic book device
USD289777S (en) 1984-08-13 1987-05-12 Diebold, Incorporated Credit card actuated terminal for controlling the dispense of motor fuel or similar article
US4682161A (en) 1983-09-01 1987-07-21 U.S. Philips Corporation Variable size character display without loss of obscured character positions
US4725977A (en) 1983-06-03 1988-02-16 Cpt, Ltd. Cartridge programming system and method using a central and local program library
US4779080A (en) 1985-03-06 1988-10-18 U.S. Philips Corporation Electronic information display systems
US4820167A (en) 1987-01-14 1989-04-11 Nobles Anthony A Electronic school teaching system
WO1989005023A1 (en) 1987-11-24 1989-06-01 Fernandez Emilio A Microprocessor based simulated book
US4855725A (en) 1987-11-24 1989-08-08 Fernandez Emilio A Microprocessor based simulated book
US4899292A (en) 1988-03-02 1990-02-06 Image Storage/Retrieval Systems, Inc. System for storing and retrieving text and associated graphics
US4916441A (en) 1988-09-19 1990-04-10 Clinicom Incorporated Portable handheld terminal
US4918632A (en) 1988-11-17 1990-04-17 Hewlett-Packard Company Notebook mountable computer system
EP0390611A2 (en) 1989-03-30 1990-10-03 Hiuka Sangyo Kabushiki Kaisha Electronic book
US4972496A (en) 1986-07-25 1990-11-20 Grid Systems Corporation Handwritten keyboardless entry computer system
US4985697A (en) * 1987-07-06 1991-01-15 Learning Insights, Ltd. Electronic book educational publishing method using buried reference materials and alternate learning levels
US5021989A (en) * 1986-04-28 1991-06-04 Hitachi, Ltd. Document browsing apparatus with concurrent processing and retrievel
US5025373A (en) * 1988-06-30 1991-06-18 Jml Communications, Inc. Portable personal-banking system
US5031119A (en) * 1989-06-12 1991-07-09 Tandy Corporation Split screen keyboard emulator
FR2657187A1 (en) 1990-01-16 1991-07-19 Technicatome Self-contained device for displaying numbered documents
FR2657451A1 (en) 1990-01-19 1991-07-26 Bariou Marcel Electronic book device
US5065345A (en) * 1988-11-04 1991-11-12 Dyned International, Inc. Interactive audiovisual control mechanism
US5091939A (en) * 1990-06-22 1992-02-25 Tandy Corporation Method and apparatus for password protection of a computer
US5109354A (en) * 1989-03-31 1992-04-28 Kyocera Corporation Electronic system pocketbook apparatus
US5115508A (en) * 1984-05-22 1992-05-19 Sharp Kabushiki Kaisha Password system utilizing two password types, the first being changeable after entry, the second being unchangeable until power is removed
US5121492A (en) * 1987-03-02 1992-06-09 Meridian Data, Inc. System for simulating access times of a CD ROM on a hard disk by slowing the operation of the hard disk
US5133076A (en) * 1989-06-12 1992-07-21 Grid Systems Corporation Hand held computer
US5146552A (en) * 1990-02-28 1992-09-08 International Business Machines Corporation Method for associating annotation with electronically published material
US5157737A (en) * 1986-07-25 1992-10-20 Grid Systems Corporation Handwritten keyboardless entry computer system
US5157783A (en) * 1988-02-26 1992-10-20 Wang Laboratories, Inc. Data base system which maintains project query list, desktop list and status of multiple ongoing research projects
US5157491A (en) * 1988-10-17 1992-10-20 Kassatly L Samuel A Method and apparatus for video broadcasting and teleconferencing
USD330544S (en) * 1990-12-17 1992-10-27 Modular Instruments, Inc. Combined electronic equipment cabinet and controls
US5199104A (en) * 1988-12-15 1993-03-30 Sony Corporation Electronic organizer with electronic book marker
US5203001A (en) * 1987-04-27 1993-04-13 Sharp Kabushiki Kaisha Portable computer having an updatable table of starting addresses for accessing those stored programs having been previously executed
US5214696A (en) * 1992-02-04 1993-05-25 International Business Machines Corporation Data processing system and method to produce softcopy book readers which are limited to reading only books published by a specific publisher
US5221838A (en) * 1990-12-24 1993-06-22 Motorola, Inc. Electronic wallet
US5222136A (en) * 1992-07-23 1993-06-22 Crest Industries, Inc. Encrypted communication system
US5226080A (en) 1990-06-22 1993-07-06 Grid Systems Corporation Method and apparatus for password protection of a computer
US5231662A (en) 1989-08-01 1993-07-27 Tulip Computers International B.V. Method and device for enciphering data to be transferred and for deciphering the enciphered data, and a computer system comprising such a device
US5233333A (en) 1990-05-21 1993-08-03 Borsuk Sherwin M Portable hand held reading unit with reading aid feature
US5239665A (en) 1989-03-30 1993-08-24 Hiuka Sangyo Kabushiki Kaisha Electronic book having several keys for changing pages and underlining certain portions of text
US5245656A (en) 1992-09-09 1993-09-14 Bell Communications Research, Inc. Security method for private information delivery and filtering in public networks
USD339329S (en) 1990-10-09 1993-09-14 New York Telephone Company Public information access terminal
US5247661A (en) 1990-09-10 1993-09-21 International Business Machines Corporation Method and apparatus for automated document distribution in a data processing system
US5253294A (en) 1983-02-22 1993-10-12 At&T Bell Laboratories Secure transmission system
USD346620S (en) 1992-11-04 1994-05-03 Mcsorley Jeffrey E Electronic book for displaying sheet music
US5319582A (en) 1991-07-12 1994-06-07 Ma Hsi K Detachable portable personal computer
US5333116A (en) 1990-05-04 1994-07-26 Ast Research, Inc. Combination laptop and pad computer
US5339091A (en) 1986-07-07 1994-08-16 Semiconductor Energy Laboratory Co., Ltd. Paperless portable book
US5359707A (en) 1990-10-10 1994-10-25 Fuji Xerox Co., Ltd. Document processor having a programmable dictionary
US5367621A (en) 1991-09-06 1994-11-22 International Business Machines Corporation Data processing method to provide a generalized link from a reference point in an on-line book to an arbitrary multimedia object which can be dynamically updated
US5379057A (en) 1988-11-14 1995-01-03 Microslate, Inc. Portable computer with touch screen and computer system employing same
US5388196A (en) 1990-09-07 1995-02-07 Xerox Corporation Hierarchical shared books with database
US5392387A (en) 1992-12-17 1995-02-21 International Business Machines Corporation Method and system for enhanced data access efficiency in an electronic book
US5398310A (en) 1992-04-13 1995-03-14 Apple Computer, Incorporated Pointing gesture based computer note pad paging and scrolling interface
US5404505A (en) 1991-11-01 1995-04-04 Finisar Corporation System for scheduling transmission of indexed and requested database tiers on demand at varying repetition rates
USD359306S (en) 1992-09-18 1995-06-13 Booklink Corporation Electronic book computer for entering and reading written material
US5428606A (en) 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5438344A (en) 1990-11-05 1995-08-01 Oliva; Anthony Portable video book
USD362272S (en) 1994-09-01 1995-09-12 Franklin Electronic Publishers, Incorporated Electronic book with display screen
USD362271S (en) 1994-09-01 1995-09-12 Franklin Electronic Publishers, Incorporated Electronic book with display screen and folding cover
USD362461S (en) 1994-09-01 1995-09-19 Franklin Electronic Publishers, Incorporated Electronic book with display screen and speaker
US5457746A (en) 1993-09-14 1995-10-10 Spyrus, Inc. System and method for access control for portable data storage media
US5463725A (en) 1992-12-31 1995-10-31 International Business Machines Corp. Data processing system graphical user interface which emulates printed material
US5465213A (en) 1990-07-27 1995-11-07 Ross; Harvey M. System and method of manufacturing a single book copy
US5467102A (en) 1992-08-31 1995-11-14 Kabushiki Kaisha Toshiba Portable display device with at least two display screens controllable collectively or separately
US5477510A (en) 1992-09-07 1995-12-19 Sony Corporation Optical disc playback and display apparatus
US5483586A (en) 1994-07-18 1996-01-09 Sussman; Lester Electronic on-line subscriber telephone directory
US5598470A (en) 1994-04-25 1997-01-28 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US5615264A (en) 1995-06-08 1997-03-25 Wave Systems Corp. Encrypted data package record for use in remote transaction metered data system
US5629980A (en) 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
WO1997020274A1 (en) 1995-12-01 1997-06-05 Everybook Delaware, Inc. Personal electronic book system
US5638443A (en) 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5684950A (en) 1996-09-23 1997-11-04 Lockheed Martin Corporation Method and system for authenticating users to multiple computer servers via a single sign-on
US5697793A (en) 1995-12-14 1997-12-16 Motorola, Inc. Electronic book and method of displaying at least one reading metric therefor
US5719943A (en) 1994-03-28 1998-02-17 Hitachi, Ltd. Digital information signal transmitting/receiving method and system
US5734891A (en) 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5734823A (en) 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5784463A (en) 1996-12-04 1998-07-21 V-One Corporation Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
WO1998040809A2 (en) 1997-03-13 1998-09-17 Cha! Technologies, Inc. Method and system for secure online transaction processing

Patent Citations (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3718906A (en) 1971-06-01 1973-02-27 R Lightner Vending system for remotely accessible stored information
US4159417A (en) 1977-10-28 1979-06-26 Rubincam David P Electronic book
US4545023A (en) 1980-11-14 1985-10-01 Engineering Project Development Limited Hand-held computer
USD276626S (en) 1981-09-14 1984-12-04 Lockwood Lawrence B Combined automatic information terminal and vending machine
US4601011A (en) 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4490810A (en) 1982-02-16 1984-12-25 Hon David C Automated instruction, game and data retrieval system
US5253294A (en) 1983-02-22 1993-10-12 At&T Bell Laboratories Secure transmission system
US4597058A (en) 1983-05-09 1986-06-24 Romox, Inc. Cartridge programming system
US4725977A (en) 1983-06-03 1988-02-16 Cpt, Ltd. Cartridge programming system and method using a central and local program library
US4682161A (en) 1983-09-01 1987-07-21 U.S. Philips Corporation Variable size character display without loss of obscured character positions
GB2149544A (en) 1983-11-08 1985-06-12 Standard Telephones Cables Ltd Electronic books for the partially sighted
US4591974A (en) 1984-01-31 1986-05-27 Technology Venture Management, Inc. Information recording and retrieval system
US4649499A (en) 1984-03-07 1987-03-10 Hewlett-Packard Company Touchscreen two-dimensional emulation of three-dimensional objects
US4575621A (en) 1984-03-07 1986-03-11 Corpra Research, Inc. Portable electronic transaction device and system therefor
US5115508A (en) * 1984-05-22 1992-05-19 Sharp Kabushiki Kaisha Password system utilizing two password types, the first being changeable after entry, the second being unchangeable until power is removed
USD289777S (en) 1984-08-13 1987-05-12 Diebold, Incorporated Credit card actuated terminal for controlling the dispense of motor fuel or similar article
US4779080A (en) 1985-03-06 1988-10-18 U.S. Philips Corporation Electronic information display systems
WO1987001481A1 (en) 1985-08-30 1987-03-12 Norbert Joseph Stein Electronic book device
US5021989A (en) * 1986-04-28 1991-06-04 Hitachi, Ltd. Document browsing apparatus with concurrent processing and retrievel
US5339091A (en) 1986-07-07 1994-08-16 Semiconductor Energy Laboratory Co., Ltd. Paperless portable book
US4972496A (en) 1986-07-25 1990-11-20 Grid Systems Corporation Handwritten keyboardless entry computer system
US5157737A (en) * 1986-07-25 1992-10-20 Grid Systems Corporation Handwritten keyboardless entry computer system
US5365598A (en) 1986-07-25 1994-11-15 Ast Research, Inc. Handwritten keyboardless entry computer system
US4820167A (en) 1987-01-14 1989-04-11 Nobles Anthony A Electronic school teaching system
US5121492A (en) * 1987-03-02 1992-06-09 Meridian Data, Inc. System for simulating access times of a CD ROM on a hard disk by slowing the operation of the hard disk
US5203001A (en) * 1987-04-27 1993-04-13 Sharp Kabushiki Kaisha Portable computer having an updatable table of starting addresses for accessing those stored programs having been previously executed
US4985697A (en) * 1987-07-06 1991-01-15 Learning Insights, Ltd. Electronic book educational publishing method using buried reference materials and alternate learning levels
WO1989005023A1 (en) 1987-11-24 1989-06-01 Fernandez Emilio A Microprocessor based simulated book
US4855725A (en) 1987-11-24 1989-08-08 Fernandez Emilio A Microprocessor based simulated book
US5157783A (en) * 1988-02-26 1992-10-20 Wang Laboratories, Inc. Data base system which maintains project query list, desktop list and status of multiple ongoing research projects
US4899292A (en) 1988-03-02 1990-02-06 Image Storage/Retrieval Systems, Inc. System for storing and retrieving text and associated graphics
US5025373A (en) * 1988-06-30 1991-06-18 Jml Communications, Inc. Portable personal-banking system
US4916441A (en) 1988-09-19 1990-04-10 Clinicom Incorporated Portable handheld terminal
US5157491A (en) * 1988-10-17 1992-10-20 Kassatly L Samuel A Method and apparatus for video broadcasting and teleconferencing
US5065345A (en) * 1988-11-04 1991-11-12 Dyned International, Inc. Interactive audiovisual control mechanism
US5379057A (en) 1988-11-14 1995-01-03 Microslate, Inc. Portable computer with touch screen and computer system employing same
US4918632A (en) 1988-11-17 1990-04-17 Hewlett-Packard Company Notebook mountable computer system
US5199104A (en) * 1988-12-15 1993-03-30 Sony Corporation Electronic organizer with electronic book marker
EP0390611A2 (en) 1989-03-30 1990-10-03 Hiuka Sangyo Kabushiki Kaisha Electronic book
US5239665A (en) 1989-03-30 1993-08-24 Hiuka Sangyo Kabushiki Kaisha Electronic book having several keys for changing pages and underlining certain portions of text
US5109354A (en) * 1989-03-31 1992-04-28 Kyocera Corporation Electronic system pocketbook apparatus
US5133076A (en) * 1989-06-12 1992-07-21 Grid Systems Corporation Hand held computer
US5031119A (en) * 1989-06-12 1991-07-09 Tandy Corporation Split screen keyboard emulator
US5231662A (en) 1989-08-01 1993-07-27 Tulip Computers International B.V. Method and device for enciphering data to be transferred and for deciphering the enciphered data, and a computer system comprising such a device
FR2657187A1 (en) 1990-01-16 1991-07-19 Technicatome Self-contained device for displaying numbered documents
FR2657451A1 (en) 1990-01-19 1991-07-26 Bariou Marcel Electronic book device
US5146552A (en) * 1990-02-28 1992-09-08 International Business Machines Corporation Method for associating annotation with electronically published material
US5333116A (en) 1990-05-04 1994-07-26 Ast Research, Inc. Combination laptop and pad computer
US5475399A (en) 1990-05-21 1995-12-12 Borsuk; Sherwin M. Portable hand held reading unit with reading aid feature
US5233333A (en) 1990-05-21 1993-08-03 Borsuk Sherwin M Portable hand held reading unit with reading aid feature
US5226080A (en) 1990-06-22 1993-07-06 Grid Systems Corporation Method and apparatus for password protection of a computer
US5091939A (en) * 1990-06-22 1992-02-25 Tandy Corporation Method and apparatus for password protection of a computer
US5465213A (en) 1990-07-27 1995-11-07 Ross; Harvey M. System and method of manufacturing a single book copy
US5465213C1 (en) 1990-07-27 2001-09-18 On Demand Machine Corp System and method of manufacturing a single book copy
US5388196A (en) 1990-09-07 1995-02-07 Xerox Corporation Hierarchical shared books with database
US5247661A (en) 1990-09-10 1993-09-21 International Business Machines Corporation Method and apparatus for automated document distribution in a data processing system
USD339329S (en) 1990-10-09 1993-09-14 New York Telephone Company Public information access terminal
US5359707A (en) 1990-10-10 1994-10-25 Fuji Xerox Co., Ltd. Document processor having a programmable dictionary
US5438344A (en) 1990-11-05 1995-08-01 Oliva; Anthony Portable video book
USD330544S (en) * 1990-12-17 1992-10-27 Modular Instruments, Inc. Combined electronic equipment cabinet and controls
US5221838A (en) * 1990-12-24 1993-06-22 Motorola, Inc. Electronic wallet
US5319582A (en) 1991-07-12 1994-06-07 Ma Hsi K Detachable portable personal computer
US5367621A (en) 1991-09-06 1994-11-22 International Business Machines Corporation Data processing method to provide a generalized link from a reference point in an on-line book to an arbitrary multimedia object which can be dynamically updated
US5404505A (en) 1991-11-01 1995-04-04 Finisar Corporation System for scheduling transmission of indexed and requested database tiers on demand at varying repetition rates
US5734891A (en) 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5734823A (en) 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5214696A (en) * 1992-02-04 1993-05-25 International Business Machines Corporation Data processing system and method to produce softcopy book readers which are limited to reading only books published by a specific publisher
US5398310A (en) 1992-04-13 1995-03-14 Apple Computer, Incorporated Pointing gesture based computer note pad paging and scrolling interface
US5222136A (en) * 1992-07-23 1993-06-22 Crest Industries, Inc. Encrypted communication system
US5467102A (en) 1992-08-31 1995-11-14 Kabushiki Kaisha Toshiba Portable display device with at least two display screens controllable collectively or separately
US5477510A (en) 1992-09-07 1995-12-19 Sony Corporation Optical disc playback and display apparatus
US5245656A (en) 1992-09-09 1993-09-14 Bell Communications Research, Inc. Security method for private information delivery and filtering in public networks
USD359306S (en) 1992-09-18 1995-06-13 Booklink Corporation Electronic book computer for entering and reading written material
USD346620S (en) 1992-11-04 1994-05-03 Mcsorley Jeffrey E Electronic book for displaying sheet music
US5392387A (en) 1992-12-17 1995-02-21 International Business Machines Corporation Method and system for enhanced data access efficiency in an electronic book
US5463725A (en) 1992-12-31 1995-10-31 International Business Machines Corp. Data processing system graphical user interface which emulates printed material
US5428606A (en) 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5457746A (en) 1993-09-14 1995-10-10 Spyrus, Inc. System and method for access control for portable data storage media
US5719943A (en) 1994-03-28 1998-02-17 Hitachi, Ltd. Digital information signal transmitting/receiving method and system
US5598470A (en) 1994-04-25 1997-01-28 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US5483586A (en) 1994-07-18 1996-01-09 Sussman; Lester Electronic on-line subscriber telephone directory
USD362461S (en) 1994-09-01 1995-09-19 Franklin Electronic Publishers, Incorporated Electronic book with display screen and speaker
USD362271S (en) 1994-09-01 1995-09-12 Franklin Electronic Publishers, Incorporated Electronic book with display screen and folding cover
USD362272S (en) 1994-09-01 1995-09-12 Franklin Electronic Publishers, Incorporated Electronic book with display screen
US5638443A (en) 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5629980A (en) 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5615264A (en) 1995-06-08 1997-03-25 Wave Systems Corp. Encrypted data package record for use in remote transaction metered data system
WO1997020274A1 (en) 1995-12-01 1997-06-05 Everybook Delaware, Inc. Personal electronic book system
US5697793A (en) 1995-12-14 1997-12-16 Motorola, Inc. Electronic book and method of displaying at least one reading metric therefor
US5684950A (en) 1996-09-23 1997-11-04 Lockheed Martin Corporation Method and system for authenticating users to multiple computer servers via a single sign-on
US5784463A (en) 1996-12-04 1998-07-21 V-One Corporation Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
WO1998040809A2 (en) 1997-03-13 1998-09-17 Cha! Technologies, Inc. Method and system for secure online transaction processing

Non-Patent Citations (13)

* Cited by examiner, † Cited by third party
Title
Bruce Schneier, Applied Cryptography, section 3.2, 1992.*
Cox Technology Threatens to Shatter the World of College Textbooks The Wall Street Journal-Electronic Campus, Jun. 1, 1993.
Cox Technology Threatens to Shatter the World of College Textbooks The Wall Street Journal—Electronic Campus, Jun. 1, 1993.
Dvorak, et al. Methodology for User Centred Link Structures for Textbook to Hypertext Conversion, IEEE, Jan. 1992, pp. 619-628.
Fisher This Little Compute rTries to be a Book, St. Louis Post-Dispatch, Jan. 4, 1995.
Gustavus Simmons, Comtemporary Cryptology, chapter, 1992.*
Pobiak Adjustable Access Electronic Books, IEEE, Jan. 1992, pp. 90-94.
Ramos Making Book on Electronic Books, College Store Journal-Sep./Oct. 1992.
Ramos Making Book on Electronic Books, College Store Journal—Sep./Oct. 1992.
Steinert-Threlkeld Now, Data by Satellite, Inter@ctive Week (no date).
The Heller Report, Oct. 1993.
Wantanabe et al., Visual Interface for Retrieval of Electronic-Formed Books, IEEE, Jul. 1993, pp. 692-695.
Ziegler IBM to Unveil Plan to Skip Disks, Send Software by Satellite, The Wall Street Journal, Nov. 1, 1994.

Cited By (100)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6813718B2 (en) 1998-06-04 2004-11-02 Z4 Technologies, Inc. Computer readable storage medium for securing software to reduce unauthorized use
US6986063B2 (en) 1998-06-04 2006-01-10 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US20040107368A1 (en) * 1998-06-04 2004-06-03 Z4 Technologies, Inc. Method for digital rights management including self activating/self authentication software
US6857078B2 (en) 1998-06-04 2005-02-15 Z4 Technologies, Inc. Method for securing software to increase license compliance
US6813717B2 (en) 1998-06-04 2004-11-02 Z4 Technologies, Inc. Method for securing software to reduce unauthorized use
US20030110375A1 (en) * 1998-06-04 2003-06-12 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US20040117628A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
US6795925B2 (en) 1998-06-04 2004-09-21 Z4 Technologies, Inc. Computer readable storage medium for providing repeated contact with software end-user
US6792548B2 (en) 1998-06-04 2004-09-14 Z4 Technologies, Inc. Method for providing repeated contact with software end-user using authorized administrator
US6792549B2 (en) 1998-06-04 2004-09-14 Z4 Technologies, Inc. Method and apparatus for repeated contact of software end-user
US6785825B2 (en) 1998-06-04 2004-08-31 Z4 Technologies, Inc. Method for securing software to decrease software piracy
US20040117644A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content
US20040117631A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for digital rights management including user/publisher connectivity interface
US20040117664A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Apparatus for establishing a connectivity platform for digital rights management
US7706514B2 (en) 1998-09-16 2010-04-27 At&T Intellectual Property I, Lp Method of providing caller identification for calls placed over an internet
US7260385B2 (en) 1998-09-16 2007-08-21 Sbc Properties, L.P. Method of providing caller identification for calls placed over an internet
US20070269028A1 (en) * 1998-09-16 2007-11-22 Heinmiller Wayne R Method of providing caller identification for calls placed over an internet
US20040048606A1 (en) * 1998-09-16 2004-03-11 Heinmiller Wayne Robert Method of providing caller identification for calls placed over an internet
US6496931B1 (en) * 1998-12-31 2002-12-17 Lucent Technologies Inc. Anonymous web site user information communication method
US8510219B1 (en) * 1999-03-17 2013-08-13 Edward M. Rose Billing management package for internet access and web page utilization
US9582824B2 (en) 1999-09-22 2017-02-28 Scott C. Harris Enhancing touch and feel on the Internet
US8738471B2 (en) * 1999-09-22 2014-05-27 Scott C. Harris Enhancing touch and feel on the internet
US20090055290A1 (en) * 1999-09-22 2009-02-26 Harris Scott C Enhancing Touch and Feel on the Internet
US9471910B2 (en) 1999-10-25 2016-10-18 Smartflash, LLC Data storage and access systems
US20050222953A1 (en) * 1999-12-23 2005-10-06 Checkfree Corporation Accessing information on a network using an extended network universal resource locator
US20070016525A1 (en) * 1999-12-23 2007-01-18 Ravi Ganesan Facilitating access to information stored on a network using an extended network universal resource locator
US7426638B2 (en) * 1999-12-23 2008-09-16 Checkfree Corporation Controlling access to information on a network using an extended network universal resource locator
US20070022052A1 (en) * 1999-12-23 2007-01-25 Ravi Ganesan Controlling access to information on a network using an extended network universal resource locator
US7334128B2 (en) * 1999-12-23 2008-02-19 Checkfree Corporation Accessing information on a network using an extended network universal resource locator
US20010037314A1 (en) * 2000-03-30 2001-11-01 Ishikawa Mark M. System, method and apparatus for authenticating the distribution of data
US6650743B2 (en) * 2000-06-09 2003-11-18 Ameritech Corporation Method of providing caller identification for calls placed over an internet
US20020150223A1 (en) * 2000-06-09 2002-10-17 Heinmiller Wayne Robert Method of providing caller identification for calls placed over an internet
US7127607B1 (en) * 2000-06-30 2006-10-24 Landesk Software Limited PKI-based client/server authentication
US20020002540A1 (en) * 2000-06-30 2002-01-03 Microsoft Corporation Method for authenticating and securing integrated bookstore entries
US7032110B1 (en) 2000-06-30 2006-04-18 Landesk Software Limited PKI-based client/server authentication
US9264424B2 (en) * 2000-08-31 2016-02-16 Siemens Aktiengesellschaft Method for protecting an internet supplementary service
US20040015577A1 (en) * 2000-08-31 2004-01-22 Ulrich Mitreuter Method for protecting an internet supplementary service
US20080133701A1 (en) * 2001-01-18 2008-06-05 Syed Noman Kazmi Method and system for managing digital content, including streaming media
US8595340B2 (en) * 2001-01-18 2013-11-26 Yahoo! Inc. Method and system for managing digital content, including streaming media
US20030018904A1 (en) * 2001-06-14 2003-01-23 Disanto Frank J. Method and system for preventing computer worm dissemination using encryption
US7120796B2 (en) * 2001-06-14 2006-10-10 Copytele, Inc. Method and system for preventing computer worm dissemination using encryption
US8620782B2 (en) 2001-06-28 2013-12-31 Checkfree Services Corporation Inter-network electronic billing
US20090319410A1 (en) * 2001-06-28 2009-12-24 Checkfree Corporation Inter-Network Electronic Billing
US10210488B2 (en) 2001-06-28 2019-02-19 Checkfree Services Corporation Inter-network financial service
US20070061472A1 (en) * 2001-12-19 2007-03-15 Chen Li Identifier management in message transmission system
US20080010073A1 (en) * 2001-12-19 2008-01-10 Common Objects, A California Corporation Identifier management in message transmission system
US20030115153A1 (en) * 2001-12-19 2003-06-19 Chen Li Identifier management in message transmission system
US20030120925A1 (en) * 2001-12-21 2003-06-26 Rose Gregory G. Method and apparatus for simplified audio authentication
US7251730B2 (en) * 2001-12-21 2007-07-31 Qualcomm Incorporated Method and apparatus for simplified audio authentication
US20090141890A1 (en) * 2002-02-15 2009-06-04 Qualcomm Incorporated Digital authentication over acoustic channel
US20030159050A1 (en) * 2002-02-15 2003-08-21 Alexander Gantman System and method for acoustic two factor authentication
US7966497B2 (en) 2002-02-15 2011-06-21 Qualcomm Incorporated System and method for acoustic two factor authentication
US8391480B2 (en) 2002-02-15 2013-03-05 Qualcomm Incorporated Digital authentication over acoustic channel
US7509290B1 (en) * 2002-04-16 2009-03-24 Microsoft Corporation Methods and apparatuses for differentiating users in multi-player web-based entertainment environments
US20050268100A1 (en) * 2002-05-10 2005-12-01 Gasparini Louis A System and method for authenticating entities to users
US7562222B2 (en) * 2002-05-10 2009-07-14 Rsa Security Inc. System and method for authenticating entities to users
US8943583B2 (en) 2002-05-15 2015-01-27 Qualcomm Incorporated System and method for managing sonic token verifiers
US20090044015A1 (en) * 2002-05-15 2009-02-12 Qualcomm Incorporated System and method for managing sonic token verifiers
US20100064355A1 (en) * 2002-07-02 2010-03-11 Christopher Newell Toomey Seamless cross-site user authentication status detection and automatic login
US20050216582A1 (en) * 2002-07-02 2005-09-29 Toomey Christopher N Seamless cross-site user authentication status detection and automatic login
US8719899B2 (en) 2002-07-02 2014-05-06 Bright Sun Technologies Seamless cross-site user authentication status detection and automatic login
US7596804B2 (en) 2002-07-02 2009-09-29 Aol Llc Seamless cross-site user authentication status detection and automatic login
US20050132234A1 (en) * 2002-08-20 2005-06-16 Dawson Thomas P. Authentication of mobile wireless network component
US7356691B2 (en) 2002-08-20 2008-04-08 Sony Corporation Authentication of mobile wireless network component
WO2004019550A3 (en) * 2002-08-20 2004-03-25 Sony Corp System and method for authenticating wireless component
US20040054897A1 (en) * 2002-08-20 2004-03-18 Sony Corporation System and method for authenticating wireless component
US7260714B2 (en) * 2002-08-20 2007-08-21 Sony Corporation System and method for authenticating wireless component
WO2004019550A2 (en) * 2002-08-20 2004-03-04 Sony Corporation System and method for authenticating wireless component
US9026578B2 (en) * 2004-05-14 2015-05-05 Microsoft Corporation Systems and methods for persisting data between web pages
US20060174328A1 (en) * 2005-01-28 2006-08-03 Dawson Thomas P De-authentication of network component
US7703134B2 (en) 2005-01-28 2010-04-20 Sony Corporation De-authentication of network component
US20060195585A1 (en) * 2005-02-25 2006-08-31 Siemens Communications, Inc. Systems and methods for routing a communications link
US8762541B2 (en) * 2005-02-25 2014-06-24 Siemens Enterprise Communications, Inc. Systems and methods for routing a communications link
US9679602B2 (en) 2006-06-14 2017-06-13 Seagate Technology Llc Disc drive circuitry swap
US20080242405A1 (en) * 2007-03-30 2008-10-02 Microsoft Corporation On-line gaming authentication
US8874480B2 (en) 2007-04-27 2014-10-28 Fiserv, Inc. Centralized payment method and system for online and offline transactions
US20080288376A1 (en) * 2007-04-27 2008-11-20 Cashedge, Inc. Centralized payment hub method and system
US9305590B2 (en) 2007-10-16 2016-04-05 Seagate Technology Llc Prevent data storage device circuitry swap
US20100042538A1 (en) * 2008-08-18 2010-02-18 Sanjeev Dheer Money Movement Network Method
US8745178B2 (en) * 2009-01-26 2014-06-03 Apple Inc. Selection of an appropriate online content source based on program information
US20130091256A1 (en) * 2009-01-26 2013-04-11 Apple Inc. Selection of an appropriate online content source based on program information
US8255820B2 (en) 2009-06-09 2012-08-28 Skiff, Llc Electronic paper display device event tracking
US10122675B2 (en) 2009-08-24 2018-11-06 International Business Machines Corporation Retrospective changing of previously sent messages
US10880259B2 (en) 2009-08-24 2020-12-29 International Business Machines Corporation Retrospective changing of previously sent messages
US9477947B2 (en) 2009-08-24 2016-10-25 International Business Machines Corporation Retrospective changing of previously sent messages
US20110047222A1 (en) * 2009-08-24 2011-02-24 International Business Machines Corporation Retrospective changing of previously sent messages
US10708059B2 (en) 2012-01-10 2020-07-07 Jpmorgan Chase Bank, N.A. System and method for device registration and authentication
US10027485B1 (en) * 2012-01-10 2018-07-17 Jpmorgan Chase Bank, N.A. System and method for device registration and authentication
US8984276B2 (en) * 2012-01-10 2015-03-17 Jpmorgan Chase Bank, N.A. System and method for device registration and authentication
US11489673B2 (en) 2012-01-10 2022-11-01 Jpmorgan Chase Bank, N.A. System and method for device registration and authentication
US20230121782A1 (en) * 2012-02-17 2023-04-20 Ebay Inc. Updating of stored item data via a remote computing system
US11356521B2 (en) 2012-06-11 2022-06-07 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US20160021204A1 (en) * 2012-06-11 2016-01-21 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US10536543B2 (en) 2012-06-11 2020-01-14 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US10027773B2 (en) * 2012-06-11 2018-07-17 The Nielson Company (Us), Llc Methods and apparatus to share online media impressions data
US10334650B2 (en) 2014-01-29 2019-06-25 Yodel Code LLC Automatic peer selection in a field of common peers
CN105007279A (en) * 2015-08-04 2015-10-28 北京百度网讯科技有限公司 Authentication method and authentication system
CN105007279B (en) * 2015-08-04 2018-11-27 北京百度网讯科技有限公司 Authentication method and Verification System
US20220114288A1 (en) * 2019-05-02 2022-04-14 Bank Of America Corporation System for real-time authenticated obfuscation of electronic data
US11250169B2 (en) * 2019-05-02 2022-02-15 Bank Of America Corporation System for real-time authenticated obfuscation of electronic data

Also Published As

Publication number Publication date
AU1104200A (en) 2000-05-08
WO2000024175A1 (en) 2000-04-27

Similar Documents

Publication Publication Date Title
US6275934B1 (en) Authentication for information exchange over a communication network
JP3605501B2 (en) Communication system, message processing method, and computer system
CA2417406C (en) Digital receipt for a transaction
US7961884B2 (en) Method and system for changing security information in a computer network
JP4274421B2 (en) Pseudo-anonymous user and group authentication method and system on a network
US6061789A (en) Secure anonymous information exchange in a network
JP5591431B2 (en) Security transaction protocol
US7653809B2 (en) Method and system for controlling the on-line supply of digital products or the access to on-line services
US7187772B2 (en) Anonymous transactions based on distributed processing
US7117167B2 (en) Systems, methods, and computer-readable media for controlling delivery of digital products to users
US20140344164A1 (en) Purchase Transaction System with Encrypted Payment Card Data
US20070106897A1 (en) Secure RFID authentication system
US20030028493A1 (en) Personal information management system, personal information management method, and information processing server
TW486902B (en) Method capable of preventing electronic documents from being illegally copied and its system
WO2001082036A9 (en) Method and system for signing and authenticating electronic documents
JP2003058657A (en) Server and method for license management
JP2009526321A (en) System for executing a transaction in a point-of-sale information management terminal using a changing identifier
JP2002298055A (en) Electronic commerce system
EP1452938A1 (en) System and method employed to enable a user to securely validate that an internet retail site satisfies pre-determined conditions
EP1493241A1 (en) Method and system for changing security information in a computer network
KR20080094000A (en) Method and apparatus for establishing peer-to-peer karma and trust
Li et al. Securing offline delivery services by using Kerberos authentication
US20020099664A1 (en) Method and apparatus for secure electronic transaction authentication
JP2004341832A (en) Personal information management method and system, issuing device for identifier for disclosure, and personal information disclosure device
WO2011058629A1 (en) Information management system

Legal Events

Date Code Title Description
AS Assignment

Owner name: SOFTBOOK PRESS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NOVICOV, ALEKSEY;RIVLIN, JOHN MICHAEL;CONBOY, GARTH;AND OTHERS;REEL/FRAME:009687/0886;SIGNING DATES FROM 19981214 TO 19981218

AS Assignment

Owner name: STARSIGHT TELECAST, INC., CALIFORNIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:SOFTBOOK PRESS, INC.;REEL/FRAME:010485/0218

Effective date: 19991213

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: GEMSTAR EBOOK GROUP LIMITED, CALIFORNIA

Free format text: MERGER AND CHANGE OF NAME;ASSIGNORS:SOFTBOOK PRESS, INC.(CHANGE OF NAME TO GEMSTAR EBOOK GROUP LIMITED);NUVOMEDIA, INC. (AGREEMENT AND APPROVAL OF MERGER BETWEEN GEMSTAR EBOOK GROUP AND NUVOMEDIA, INC.);REEL/FRAME:016117/0747

Effective date: 20011228

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: ROVI TECHNOLOGIES CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETWORKS EBOOK LLC;REEL/FRAME:023208/0369

Effective date: 20090819

Owner name: NETWORKS EBOOK LLC, CALIFORNIA

Free format text: MERGER;ASSIGNOR:GEMSTAR EBOOK GROUP LIMITED;REEL/FRAME:023208/0376

Effective date: 20051222

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:ROVI TECHNOLOGIES CORPORATION;REEL/FRAME:023607/0249

Effective date: 20090915

AS Assignment

Owner name: TV GUIDE, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: APTIV DIGITAL, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: TV GUIDE ONLINE, LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ALL MEDIA GUIDE, LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ROVI SOLUTIONS CORPORATION (FORMERLY KNOWN AS MACR

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ODS PROPERTIES, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: INDEX SYSTEMS INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: UNITED VIDEO PROPERTIES, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: STARSIGHT TELECAST, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: GEMSTAR DEVELOPMENT CORPORATION, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ROVI SOLUTIONS LIMITED (FORMERLY KNOWN AS MACROVIS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ROVI TECHNOLOGIES CORPORATION, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ROVI DATA SOLUTIONS, INC. (FORMERLY KNOWN AS TV GU

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

Owner name: ROVI GUIDES, INC. (FORMERLY KNOWN AS GEMSTAR-TV GU

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (A NATIONAL ASSOCIATION);REEL/FRAME:025222/0731

Effective date: 20100317

AS Assignment

Owner name: SOFTBOOK PRESS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:STARSIGHT TELECAST, INC.;REEL/FRAME:026342/0211

Effective date: 20110524

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: ROVI TECHNOLOGIES CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETWORKS EBOOK LLC;REEL/FRAME:030605/0654

Effective date: 20090819

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT, MARYLAND

Free format text: PATENT SECURITY AGREEMENT;ASSIGNORS:APTIV DIGITAL, INC.;GEMSTAR DEVELOPMENT CORPORATION;INDEX SYSTEMS INC.;AND OTHERS;REEL/FRAME:033407/0035

Effective date: 20140702

Owner name: INDEX SYSTEMS INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: ROVI SOLUTIONS CORPORATION, CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL

Free format text: PATENT SECURITY AGREEMENT;ASSIGNORS:APTIV DIGITAL, INC.;GEMSTAR DEVELOPMENT CORPORATION;INDEX SYSTEMS INC.;AND OTHERS;REEL/FRAME:033407/0035

Effective date: 20140702

Owner name: APTIV DIGITAL, INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: ALL MEDIA GUIDE, LLC, CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: TV GUIDE INTERNATIONAL, INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: UNITED VIDEO PROPERTIES, INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: ROVI GUIDES, INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: STARSIGHT TELECAST, INC., CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: ROVI TECHNOLOGIES CORPORATION, CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: ROVI CORPORATION, CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

Owner name: GEMSTAR DEVELOPMENT CORPORATION, CALIFORNIA

Free format text: PATENT RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:033396/0001

Effective date: 20140702

AS Assignment

Owner name: STARSIGHT TELECAST, INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: ROVI TECHNOLOGIES CORPORATION, CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: VEVEO, INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: INDEX SYSTEMS INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: GEMSTAR DEVELOPMENT CORPORATION, CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: APTIV DIGITAL INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: ROVI GUIDES, INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: UNITED VIDEO PROPERTIES, INC., CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: ROVI SOLUTIONS CORPORATION, CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122

Owner name: SONIC SOLUTIONS LLC, CALIFORNIA

Free format text: RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:051145/0090

Effective date: 20191122